CloudView APIs


Getting Started with CloudView APIs 


Many CloudView features are available through REST APIs. You can use the
Swagger tool to access the REST APIs we support.


Accessing APIs Using Swagger 

Swagger is a widely-adopted specification that allows for programmatically 
describing REST APIs. The Swagger UI provides all the details about the APIs 
and how to invoke them. This includes information like the HTTP verbs to use 
(GET, POST, PUT, etc.), the URL paths, allowable parameters and types, and 
so on. 

You can directly access the Swagger UI from the following URL: 
http://<QualysURL>/cloudview-api/swagger-ui.html 


For example, if your account is on US Platform 2:

https://qualysguard.qg2.apps.qualys.com/cloudview-api/swagger-ui.html


Qualys Platforms 


Qualys maintains multiple platforms. The Qualys URL that you should use for 
API requests depends on the platform where your account is located. 


Qualys Platform URLs 

Qualys US Platform 1 - https://qualysguard.qualys.com
Qualys US Platform 2 - https://qualysguard.qg2.apps.qualys.com
Qualys US Platform 3 - https://qualysguard.qg3.apps.qualys.com
Qualys EU Platform 1 - https://qualysguard.qualys.eu
Qualys EU Platform 2 - https://qualysguard.qg2.apps.qualys.eu
Qualys India Platform 1 - https://qualysguard.qg1.apps.qualys.in
Qualys Canada Platform - https://qualysguard.qg1.apps.qualys.ca


Do I need to Authenticate?


Authentication to the Qualys Cloud Platform is necessary before you try out 
the APIs. 


Simply click Authorize and provide the user name and password. You can
now use the APIs!


AWS APIs


AWS Connector 
We support the following operations for AWS Connector. 


Get list of connectors 


Get the details of a connector 


Get the AWS base accountId


Get the AWS Cloud Formation template 


Get the list of errors 


Create a new connector 


Run the provided connector 


Update the existing connector 


Enable Connector (AWS) 


Disable Connector (AWS) 


Delete the provided connectors


AWS Evaluations
We support the following control evaluations for AWS resources: 


Get the stats for specified control id and resource id 


Get the list of evaluations as per the account for AWS Controls 


Get the resources evaluated for the specified aws account and control id 


Get list of AWS connectors
/rest/v1/aws/connectors 


[GET] 


List all AWS connectors in the user's account. 


Input Parameters 


Parameter    Description

filter       Filter the connectors list by providing a query using
             Qualys syntax. The following search tokens are
             supported.

             - name: Name of the connector
             - description: Short description of the connector
             - state: Connector status. The valid values are SUCCESS,
               PENDING, REGIONS_DISCOVERED, ERROR
             - connector.uuid: Unique Id assigned to the connector.
               For example, 6192ce15-e790-3fe2-a02c-b4bc75ecf123
             - lastSyncedOn: Date and time when the connector
               synced with the cloud provider.
               Note: This time should be in UTC time

pageNo       (integer) The page to be returned.

pageSize     (integer) The number of records per page to be
             included in the response.

sort         (keyword) Sort the results using a Qualys token. Sorting
             is currently enabled with only one sort token:
             lastSyncedOn. The allowed values are asc or desc.


Sample - Get list of AWS connectors in user's account


Return the list of all AWS connectors in the user’s scope. 


API request 


curl -k -X GET -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors?pageNo=0&pageSize=50'


Response 
{
  "content": [
    {
      "name": "AWS Connector 2",
      "connectorId": "a7ad52b1-fb46-3baa-931f-4223a12a2ea7",
      "description": "",
      "provider": "AWS",
      "state": "SUCCESS",
      "totalAssets": 333,
      "lastSyncedOn": "Thu May 20 11:52:00 UTC 2021",
      "nextSyncedOn": "Thu May 20 13:50:52 UTC 2021",
      "remediationEnabled": true,
      "isGovCloud": false,
      "isChinaRegion": false,
      "awsAccountId": "XXXXXXXXXXXX",
      "accountAlias": "sample account alias",
      "isDisabled": false,
      "groups": [],
      "pollingFrequency": {
        "hours": 4,
        "minutes": 0
      },
      "error": "",
      "baseAccountId": "XXXXXXXXXXX",
      "externalId": "USPOD01-4765-9011278609223",
      "arn": "arn:aws:iam::XXXXXXXXXXXX:role/user john new connector",
      "portalConnectorUuid": "2d39470f-cf33-45e3-8b12-ee5916bf18c9",
      "isPortalConnector": true
    }
  ],
  "pageable": {
    "sort": {
      "sorted": false,
      "unsorted": true
    },
    "pageSize": 50,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "totalElements": 1,
  "last": true,
  "totalPages": 1,
  "first": true,
  "sort": {
    "sorted": false,
    "unsorted": true
  },
  "numberOfElements": 1,
  "size": 50,
  "number": 0
}




Sample - Filter the list of AWS connectors in success state and sort in 
descending order with lastSyncedOn 


API request 


curl -k -X GET -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors?filter=state%3DSUCCESS&pageNo=1&pageSize=50&sort=lastSyncedOn%3Adesc'


Response 


{
  "content": [
    {
      "name": "test",
      "connectorId": "6192ce15-e790-3fe2-a02c-b4bc75ec1234",
      "description": "sample description",
      "provider": "AWS",
      "state": "SUCCESS",
      "totalAssets": 5484,
      "lastSyncedOn": "Thu Nov 26 07:21:36 UTC 2020",
      "nextSyncedOn": "Thu Nov 26 09:00:41 UTC 2020",
      "remediationEnabled": true,
      "isGovCloud": false,
      "isDisabled": false,
      "isChinaRegion": false,
      "awsAccountId": "XXXXXXXXXXXX",
      "accountAlias": "alias-test",
      "groups": [
        {
          "name": "group1",
          "uuid": "3ce54f33-81c6-30a2-b160-82e70cd1234"
        }
      ],
      "pollingFrequency": {
        "hours": ,
        "minutes": 0
      },
      "baseAccountId": "XXXXXXXXXXXX",
      "externalId": "USPOD01-4765-9011278609223",
      "arn": "arn:aws:iam::XXXXXXXXXXXX:role/test",
      "isPortalConnector": false
    }
  ],
  "numberOfElements": 2,
  "size": 50,
  "number": 0
}
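

The two list requests above, as an added Python example that is not part of the Qualys documentation: it builds the same filter and sort query, requests pages until one reports "last": true, and flags connectors that are disabled, not in SUCCESS state, or polling more often than the 4 hours this guide recommends. The function names and the sample pages are constructed for illustration.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request

API_PATH = "/cloudview-api/rest/v1/aws/connectors"  # endpoint documented above


def build_url(base_url, page_no, page_size=50, state=None, sort_desc=False):
    """Build the list URL; urlencode percent-encodes the filter and sort tokens."""
    params = {"pageNo": page_no, "pageSize": page_size}
    if state is not None:
        params["filter"] = f"state={state}"    # sent as state%3DSUCCESS
    if sort_desc:
        params["sort"] = "lastSyncedOn:desc"   # sent as lastSyncedOn%3Adesc
    return base_url.rstrip("/") + API_PATH + "?" + urllib.parse.urlencode(params)


def http_fetch(url, username, password):
    """Fetch one page with Basic auth, keeping TLS certificate checks on."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    request = urllib.request.Request(
        url, headers={"Authorization": f"Basic {token}", "Accept": "application/json"})
    context = ssl.create_default_context()     # verifies the certificate, unlike curl -k
    with urllib.request.urlopen(request, context=context, timeout=30) as response:
        return json.load(response)


def iter_connectors(fetch_page, base_url, **query):
    """Yield every connector, requesting pages until one reports "last": true."""
    page_no = 0
    while True:
        page = fetch_page(build_url(base_url, page_no, **query))
        content = page.get("content", [])
        yield from content
        if page.get("last", True) or not content:
            return
        page_no += 1


def needs_attention(connector):
    """Return the reasons a connector deserves a closer look (empty list if none)."""
    reasons = []
    if connector.get("state") != "SUCCESS":
        reasons.append(f"state is {connector.get('state')}")
    if connector.get("isDisabled"):
        reasons.append("connector is disabled")
    hours = connector.get("pollingFrequency", {}).get("hours")
    if hours is not None and hours < 4:
        reasons.append(f"polling every {hours}h is below the recommended 4h")
    return reasons


def audit(fetch_page, base_url, **query):
    """Map connector name to its list of reasons, for flagged connectors only."""
    findings = {}
    for connector in iter_connectors(fetch_page, base_url, **query):
        reasons = needs_attention(connector)
        if reasons:
            findings[connector["name"]] = reasons
    return findings


# Constructed sample pages (not real API output), shaped like the responses above.
SAMPLE_PAGES = {
    0: {"content": [
            {"name": "prod", "state": "SUCCESS", "isDisabled": False,
             "pollingFrequency": {"hours": 4, "minutes": 0}},
            {"name": "dev", "state": "ERROR", "isDisabled": False,
             "pollingFrequency": {"hours": 1, "minutes": 0}}],
        "last": False},
    1: {"content": [
            {"name": "old", "state": "SUCCESS", "isDisabled": True,
             "pollingFrequency": {"hours": 24, "minutes": 0}}],
        "last": True},
}


def sample_fetch(url):
    """Offline stand-in for http_fetch: serve the constructed page named by pageNo."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return SAMPLE_PAGES[int(query["pageNo"][0])]


if __name__ == "__main__":
    base = "https://qualysguard.qg2.apps.qualys.com"
    for name, reasons in audit(sample_fetch, base).items():
        print(name, "->", "; ".join(reasons))
```

Against a live account, pass `lambda url: http_fetch(url, username, password)` as `fetch_page` in place of `sample_fetch`.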


Get Connector Details
/rest/v1/aws/connectors/{connectorId}


[GET] 


View details for a connector which is in the user’s scope. 


Input Parameters 


Parameter Description 


connectorId  (integer) Specify the unique Id associated with
             connector in the user's scope.


Sample - Get details of a specific connector in user's account


API request 


curl -k -X GET -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors/a7ad52b1-fb46-3baa-931f-4223a12a2ea7'


Response 

{
  "name": "AWS Connector 2",
  "connectorId": "a7ad52b1-fb46-3baa-931f-4223a12a2ea7",
  "description": "",
  "provider": "AWS",
  "state": "SUCCESS",
  "totalAssets": 333,
  "lastSyncedOn": "Thu May 20 11:52:00 UTC 2021",
  "nextSyncedOn": "Thu May 20 13:50:52 UTC 2021",
  "remediationEnabled": true,
  "isGovCloud": false,
  "isChinaRegion": false,
  "awsAccountId": "XXXXXXXXXXXX",
  "accountAlias": "SAMPLE-ACCOUNT",
  "isDisabled": false,
  "groups": [
    {
      "name": "AWS Connector",
      "uuid": "0ee655f8-2680-3ef1-98f7-d3d7b34aa485"
    }
  ],
  "pollingFrequency": {
    "hours": 2,
    "minutes": 0
  },
  "baseAccountId": "XXXXXXXXXXXX",
  "externalId": "pod04-2722092-1626634575829",
  "arn": "arn:aws:iam::XXXXXXXXXXXX:role/sample role",
  "isPortalConnector": false
}


Get AWS Base Account ID
/rest/v1/aws/connectors/awsBaseAccountId
[GET] 

Fetches the AWS base account ID for you. 


Sample - Get AWS Base Account ID 


Fetches the AWS account ID. If there is a base account associated with your 
connector, the base account Id is reflected in response. Else, the Qualys 
account Id is displayed. 


API request 


curl -k -X GET -u <username>:<password> \
  'https://<QualysURL>/rest/v1/aws/connectors/awsBaseAccountId'


Response 


{
  "globalAccountId": "XXXXXXXXXXXX",
  "chinaAccountId": "XXXXXXXXXXXXXX",
  "govAccountId": "XXXXXXXXXXXXXXXXXXXXX",
  "customerGlobalAccount": "false",
  "customerChinaAccount": "false",
  "customerGovAccount": "false"
}


Get Cloud Formation Template
/rest/v1/aws/connectors/aws/download 

[GET] 

Specify the External Id to be used for generating the AWS cloud formation 
template and download the template. 


Input Parameters 


Parameter Description 


awsCloudType  (string) AWS Cloud type used for generating the
              template for particular cloud.

externalId    (integer) External Id to be used for generating the
              template.


Sample - Download the Cloud Formation Template 


API request 


curl -k -X GET -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors/aws/download?awsCloudType=Gov&externalId=1532740312198'


Response 
The Response includes a link to download the Cloud Formation Template.


Get Error List
/rest/v1/aws/connectors/{connectorId}/errors


[GET] 


Get the list of errors encountered when executing a connector.


Input Parameters 


Parameter Description 


connectorId  (integer) Specify the unique Id associated with
             connector in the user's scope.

pageNo       (integer) The page to be returned.

pageSize     (integer) The number of records per page to be
             included in the response.


Sample - 


API request 


curl -k -X GET -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors/226947d0-569d-11e9-8032-2fa7ed9d9b64/errors?pageNo=0&pageSize=50'


Response 
{
  "content": [
    {
      "connectorName": "testts",
      "error": "Error getting config from af-south-1. Please check if region is enabled or config is enabled for this region",
      "occuredOn": "2020-07-09T12:41:50+0000",
      "region": null,
      "connectorId": "le7fbcc@-89e7-11ea-a2c4-c9200d66FObO"
    },
    {
      "connectorName": "testts",
      "error": "Error getting config from eu-south-1. Please check if region is enabled or config is enabled for this region",
      "occuredOn": "2020-07-09T12:41:47+0000",
      "region": null,
      "connectorId": "1le7fbcc@-89e7-11ea-a2c4-c9200d66FObe"
    }
  ],
  "pageable": {
    "sort": {
      "sorted": false,
      "unsorted": true
    },
    "pageSize": 50,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "last": true,
  "totalElements": 2,
  "totalPages": 1,
  "first": true,
  "sort": {
    "sorted": false,
    "unsorted": true
  },
  "numberOfElements": 2,
  "size": 50,
  "number": 0
}


Create Connector (AWS)
/rest/v1/aws/connectors 
[POST] 


Specify the connector details such as qualysAccountId, arn, externalId, and so
on and create a new connector.


Input Parameters


Parameter      Description

connectorBody  (body) Specify the connector details such as
               qualysAccountId, arn, externalId, and so on. Refer to the
               following example for exact syntax.

               {
                 "arn": "string",
                 "description": "string",
                 "externalId": "string",
                 "isChinaRegion": true,
                 "isGovCloud": false,
                 "isPortalConnector": true,
                 "name": "string",
                 "remediationEnabled": true,
                 "pollingFrequency": {
                   "hours": 0,
                   "minutes": 0
                 }
               }


Where,

- arn: Specify the ARN of the cross-account role you
  created in your AWS account.

- description is optional and you can give a short
  description stating the purpose of the connector you
  want to create.

- externalId: Specify the unique external ID. The valid
  format for the external ID is <Qualys POD>-<Qualys
  Subscription ID>-<configurable alphanumeric number>

  where,

  Qualys POD refers to the Qualys Platform associated
  with your Qualys subscription. To know the Qualys
  Platform you belong to, refer to
  https://www.qualys.com/platform-identification/.

  Qualys Subscription ID: Your unique Qualys
  Subscription ID.

  configurable alphanumeric number: Unique random
  alphanumeric number. You can use a combination of
  alphabets (a-z, A-Z) and numbers to generate the
  unique number. You can use minimum 5 or maximum 13
  digits to complete the external ID combination in the
  new format.

  Note: Special characters are not permitted in the
  random number.

- isChinaRegion (boolean): A flag indicating whether the
  connector is also created in the China region or not. Set
  this flag to true to create the connector for China.

- isGovCloud (boolean): A flag indicating whether the
  connector is also created in the GovCloud region or not. Set
  this flag to true to create the connector for GovCloud.

  Note: You can set either isChinaRegion or isGovCloud
  to true for one connector. If both are set to false, the
  connector is created for Global region.

- isPortalConnector (boolean): A flag indicating whether
  the connector is also created in the Portal module
  (AssetView) or not. If the connector is created in AssetView
  as well, then the authentication information associated
  with the connector is linked to CloudView as well. If you
  update the authentication information for the connector
  in AssetView, it will automatically reflect in CloudView
  as well.

- name is the name for the connector you want to
  create.

- remediationEnabled (boolean): A flag to enable or
  disable remediation for the connector. To enable
  remediation, the remediationEnabled flag needs to be
  set to true. This flag is optional. By default, this flag is
  configured to false. If remediation is enabled on a
  connector, the response includes "remediationEnabled":
  true. If you do not set the flag, the existing remediation
  status of the connector is displayed in the response.

  Note: The remediation feature is available only to Cloud
  Security Assessment (CSA) subscribers and is enabled
  by default.

- pollingFrequency: Polling frequency for a connector
  decides the rate at which the connector should poll the
  cloud provider and fetch the data.

  - hours: Specify the time in hours. The valid range is 1 to
    24 hours.

  - minutes: Specify the time in minutes. The valid range is
    0 to 59 minutes.

  You can configure frequency from minimum one hour
  to maximum 24 hours. We recommend that you
  configure frequency of 4 hours or more for optimal use
  of your connector. Configuring a low polling frequency
  (less than 4 hours) can affect the performance of the
  connector and may result in an AWS API throttling error.

  Note: Configuration of connector polling frequency is
  enabled only for Cloud Security Assessment (CSA)
  users. For all other users, the default connector polling
  frequency is pre-configured and even if you update the
  connector polling frequency, the change in frequency
  will not reflect. For Cloud Inventory (CI) users, the
  pre-configured frequency is 24 hours. For the trial period,
  the pre-configured frequency is 4 hours.
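

A pre-flight check for the connectorBody rules listed above, as an added Python example that is not part of the Qualys documentation. The function names, the regular expressions and the sample body are assumptions made for illustration, as is treating arn, externalId and name as required.

```python
import re
import secrets
import string

# <Qualys POD>-<Qualys Subscription ID>-<5 to 13 alphanumeric characters>.
# Assumption: the POD is alphanumeric and the subscription ID numeric, as in
# this guide's sample value USPOD01-4765-9011278609223.
EXTERNAL_ID_RE = re.compile(r"^[A-Za-z0-9]+-[0-9]+-[A-Za-z0-9]{5,13}$")
# Assumption: a cross-account role is an IAM role ARN in one of the AWS partitions.
ARN_ROLE_RE = re.compile(r"^arn:aws(-cn|-us-gov)?:iam::\d{12}:role/.+$")
BOOLEAN_FLAGS = ("isChinaRegion", "isGovCloud", "isPortalConnector", "remediationEnabled")


def new_external_id(pod, subscription_id, length=13):
    """Build an external ID whose last part is random and alphanumeric only."""
    if not 5 <= length <= 13:
        raise ValueError("the random part must be 5 to 13 characters")
    alphabet = string.ascii_letters + string.digits   # no special characters
    suffix = "".join(secrets.choice(alphabet) for _ in range(length))
    return f"{pod}-{subscription_id}-{suffix}"


def validate_connector_body(body):
    """Return (errors, warnings) for a Create/Update Connector (AWS) body."""
    errors, warnings = [], []
    if not body.get("name"):
        errors.append("name is required")
    if not ARN_ROLE_RE.match(body.get("arn") or ""):
        errors.append("arn must be an IAM role ARN")
    if not EXTERNAL_ID_RE.match(body.get("externalId") or ""):
        errors.append("externalId must be <POD>-<subscription ID>-<5-13 alphanumerics>")
    for flag in BOOLEAN_FLAGS:
        # A quoted "true" is a string, not a boolean, once the body is parsed.
        if flag in body and not isinstance(body[flag], bool):
            errors.append(f"{flag} must be a JSON boolean")
    if body.get("isChinaRegion") is True and body.get("isGovCloud") is True:
        errors.append("isChinaRegion and isGovCloud cannot both be true")
    frequency = body.get("pollingFrequency")
    if frequency is not None:
        hours, minutes = frequency.get("hours"), frequency.get("minutes", 0)
        if type(hours) is not int or not 1 <= hours <= 24:
            errors.append("pollingFrequency.hours must be 1 to 24")
        elif type(minutes) is not int or not 0 <= minutes <= 59:
            errors.append("pollingFrequency.minutes must be 0 to 59")
        elif hours * 60 + minutes > 24 * 60:
            errors.append("pollingFrequency exceeds the 24 hour maximum")
        elif hours < 4:
            warnings.append("pollingFrequency below 4 hours may cause AWS API throttling")
    return errors, warnings


# Constructed request body (the account ID is made up): both region flags are
# true and the polling interval is 1 hour 1 minute.
SAMPLE_BODY = {
    "arn": "arn:aws:iam::123456789012:role/CloudViewTest",
    "description": "Sample External ID",
    "externalId": "USPOD01-4765-9011278609223",
    "isChinaRegion": True,
    "isGovCloud": True,
    "isPortalConnector": True,
    "name": "ABC",
    "remediationEnabled": True,
    "pollingFrequency": {"hours": 1, "minutes": 1},
}

if __name__ == "__main__":
    found_errors, found_warnings = validate_connector_body(SAMPLE_BODY)
    print("errors:", found_errors)
    print("warnings:", found_warnings)
    print("fresh external ID:", new_external_id("USPOD01", 4765))
```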


Sample - Create a connector in CloudView


Create a connector in the user's scope. A copy of the same connector is also
created in AssetView provided we set "isPortalConnector": true. If the
connector already exists in AssetView, then set "isPortalConnector": false.


API request


curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors'


Request POST Data


{
  "arn": "arn:aws:iam::XXXXXXXXXXXX:role/CloudViewTest",
  "description": "Sample External ID",
  "externalId": "USPOD01-4765-9011278609223",
  "isChinaRegion": true,
  "isGovCloud": true,
  "isPortalConnector": true,
  "name": "ABC",
  "remediationEnabled": true,
  "pollingFrequency": {
    "hours": 1,
    "minutes": 1
  }
}


Response


{
  "name": "ABC",
  "connectorId": "8889b18b-6f92-33d3-8afd-6d9d144177e8",
  "description": "Sample External ID",
  "provider": "AWS",
  "state": "PENDING",
  "totalAssets": 0,
  "lastSyncedOn": "Wed Jan 13 07:24:46 UTC 2021",
  "nextSyncedOn": "Wed Jan 13 08:25:46 UTC 2021",
  "isGovCloud": true,
  "isChinaRegion": true,
  "awsAccountId": "XXXXXXXXXXXX",
  "isDisabled": false,
  "groups": [],
  "pollingFrequency": {
    "hours": 1,
    "minutes": 1
  },
  "error": "50004",
  "remediationEnabled": true,
  "baseAccountId": "XXXXXXXXXXXX",
  "externalId": "USPOD01-4765-9011278609223",
  "arn": "arn:aws:iam::XXXXXXXXXXXX:role/CloudViewTest",
  "isPortalConnector": false
}


Run Connector
/rest/v1/aws/connectors/run 


[POST] 


Specify the IDs of the connectors that you want to run. 


Input Parameters 


Parameter Description 


connectorRunRequest  (body) Specify the IDs of the connectors that you
                     want to execute/run.

                     Example:

                     [
                       "string"
                     ]


Sample - Get details of a specific connector in user's account


API request


curl -k -X POST -u <username>:<password> \
  -d '["5f83c570-51e6-11e9-bd82-c173b8d28354"]' \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors/run'


Response 


No Content 
Response Code: 204 


Update Connector (AWS)


/rest/v1/aws/connectors/{connectorId}


[PUT]


Specify the connector ID and you can then update details of the specified
connector.


Input Parameters


Parameter      Description

connectorId    (integer) Specify the unique Id associated with
               connector in the user's scope.

connectorBody  (body) Specify the connector details such as
               qualysAccountId, arn, externalId, and so on. Refer to the
               following example for exact syntax.

               {
                 "arn": "string",
                 "description": "string",
                 "externalId": "string",
                 "isChinaRegion": true,
                 "isGovCloud": false,
                 "isPortalConnector": true,
                 "name": "string",
                 "remediationEnabled": true,
                 "pollingFrequency": {
                   "hours": 0,
                   "minutes": 0
                 }
               }

Where,

- arn: Specify the ARN of the cross-account role you
  created in your AWS account.

- description is optional and you can give a short
  description stating the purpose of the connector you
  want to create.

- externalId: Specify the unique external ID. The valid
  format for the external ID is <Qualys POD>-<Qualys
  Subscription ID>-<configurable alphanumeric number>

  where,

  Qualys POD refers to the Qualys Platform associated
  with your Qualys subscription. To know the Qualys
  Platform you belong to, refer to
  https://www.qualys.com/platform-identification/.

  Qualys Subscription ID: Your unique Qualys
  Subscription ID.

  configurable alphanumeric number: Unique random
  alphanumeric number. You can use a combination of
  alphabets (a-z, A-Z) and numbers to generate the
  unique number. You can use minimum 5 or maximum 13
  digits to complete the external ID combination in the
  new format.

  Note: Special characters are not permitted in the
  random number.

- isChinaRegion (boolean): A flag indicating whether the
  connector is also created in the China region or not. Set
  this flag to true to create the connector for China.

- isGovCloud (boolean): A flag indicating whether the
  connector is also created in the GovCloud region or not. Set
  this flag to true to create the connector for GovCloud.

  Note: You can set either isChinaRegion or isGovCloud
  to true for one connector. If both are set to false, the
  connector is created for Global region.

- isPortalConnector (boolean): A flag indicating whether
  the connector is also created in the Portal module
  (AssetView) or not. If the connector is created in AssetView
  as well, then the authentication information associated
  with the connector is linked to CloudView as well. If you
  update the authentication information for the connector
  in AssetView, it will automatically reflect in CloudView
  as well.

- name is the name for the connector you want to
  create.

- remediationEnabled (boolean): A flag to enable or
  disable remediation for the connector. To enable
  remediation, the remediationEnabled flag needs to be
  set to true. This flag is optional. By default, this flag is
  configured to false. If remediation is enabled on a
  connector, the response includes "remediationEnabled":
  true. If you do not set the flag, the existing remediation
  status of the connector is displayed in the response.

  Note: The remediation feature is available only to Cloud
  Security Assessment (CSA) subscribers and is enabled
  by default.

- pollingFrequency: Polling frequency for a connector
  decides the rate at which the connector should poll the
  cloud provider and fetch the data.

  - hours: Specify the time in hours. The valid range is 1 to
    24 hours.

  - minutes: Specify the time in minutes. The valid range is
    0 to 59 minutes.

  You can configure frequency from minimum one hour
  to maximum 24 hours. We recommend that you
  configure frequency of 4 hours or more for optimal use
  of your connector. Configuring a low polling frequency
  (less than 4 hours) can affect the performance of the
  connector and may result in an AWS API throttling error.


Sample - Update AWS Connector


Let us consider an example to update the description of the connector.


API request


curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors/8889b18b-6f92-33d3-8afd-6d9d144177e8'


Request POST Data 


{
  "arn": "arn:aws:iam::XXXXXXXXXXXX:role/CloudViewTest",
  "description": "Update External ID",
  "externalId": "USPOD01-4765-9011278609223",
  "isChinaRegion": true,
  "isGovCloud": true,
  "isPortalConnector": true,
  "name": "ABC",
  "remediationEnabled": true,
  "pollingFrequency": {
    "hours": 1,
    "minutes": 1
  }
}


Response


{
  "name": "My updated AWS Connector",
  "connectorId": "8889b18b-6f92-33d3-8afd-6d9d144177e8",
  "description": "Update External ID",
  "provider": "AWS",
  "state": "PENDING",
  "totalAssets": 0,
  "lastSyncedOn": "Wed Jan 13 07:28:39 UTC 2021",
  "nextSyncedOn": "Wed Jan 13 08:29:40 UTC 2021",
  "isGovCloud": true,
  "isChinaRegion": true,
  "awsAccountId": "XXXXXXXXXXXX",
  "isDisabled": false,
  "groups": [],
  "pollingFrequency": {
    "hours": 1,
    "minutes": 1
  },
  "error": "50004",
  "remediationEnabled": true,
  "baseAccountId": "XXXXXXXXXXXX",
  "externalId": "USPOD01-4765-9011278609223",
  "arn": "arn:aws:iam::XXXXXXXXXXXX:role/CloudViewTest",
  "isPortalConnector": false
}


Enable Connector (AWS) 
/rest/v1/aws/connectors/connectors/enable 


[PATCH] 


We give you the flexibility to enable or disable a connector. By default, all 
connectors you create are in enabled state. When you disable a connector, it 
is not eligible for auto-run or manual run. You can enable a disabled 
connector to make it eligible for auto-run or manual run. You can view 
connector details, update or delete a disabled connector. 


Note: If a combination of connectors (enabled/disabled) or only disabled
connectors are run using the Run API request call, the response is always
acknowledged: true. The Run connector API always skips disabled connectors
for all clouds.


Input Parameters


Parameter    Description

connectorId  (integer) Specify the unique Id associated with
             connector in the user's scope to be enabled.


Sample - Enable AWS Connector


Let us consider an example to enable an AWS connector.


API request


curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors/connectors/enable' \
  -d "[ \"359dba68-8559-30f4-88d5-d4720647a23f\"]"


Response


{
  "acknowledged": true
}


Disable Connector (AWS)
/rest/v1/aws/connectors/connectors/disable 


[PATCH] 


We give you the flexibility to enable or disable a connector. By default, all 
connectors you create are in enabled state. When you disable a connector, it 
is not eligible for auto-run or manual run. You can enable a disabled 
connector to make it eligible for auto-run or manual run. You can view 
connector details, update or delete a disabled connector. 


Note: If a combination of connectors (enabled/disabled) or only disabled
connectors are run using the Run API request call, the response is always
acknowledged: true. The Run connector API always skips disabled connectors
for all clouds.


Input Parameters


Parameter    Description

connectorId  (integer) Specify the unique Id associated with
             connector in the user's scope to be disabled.


Sample - Disable AWS Connector


Let us consider an example to disable an AWS connector.


API request


curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors/connectors/disable' \
  -d "[ \"359dba68-8559-30f4-88d5-d4720647a23f\"]"


Response


{
  "acknowledged": true
}


Delete Connector (AWS) 
/rest/v1/aws/connectors 


[DELETE] 


Delete the specified connector which is in the user’s scope. 


Input Parameters 


Parameter Description 


connectorId  (integer) Specify the unique Id associated with
             connector in the user's scope.


Sample - Delete AWS connector in user's account


API request


curl -X DELETE -u <username>:<password> \
  -d '["215947d0-569d-11e9-8032-2fa7ed9d9b64"]' \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/connectors'


Response 


No Content 
Response Code: 204 


AWS Evaluations


Get the stats for specified control id and resource id


/rest/v1/aws/evaluations/stats/{controlId}/{connectorId}?resourceId={resourceId}


[GET] 
Specify the details such as control ID, resource ID, and connector ID to get the 
statistics for specified control and resource ID. 


Note: By default, the response includes the data for last 24 hours. 


Input Parameters 


Parameter Description 


controlId    (string) Specify the control ID of a control for which
             resources evaluated need to be fetched.

resourceId   (string) Specify the unique ID of the resource being
             evaluated.

connectorId  (string) Specify the unique Id associated with the
             connector in the user's scope.


Sample - Get the statistics for a specified control and resource 


API request 


curl -k -X GET -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/evaluations/stats/43/0323f5ee-bf72-3140-89dFf-677694012345?resourceId=vpc-037de4d9d79312345'


Response


{
  "firstEvaluated": "2021-03-08T23:01:10+0000",
  "lastEvaluated": "2021-03-22T12:07:05+0000",
  "dateReopen": "2021-03-25T08:57:17+0000",
  "dateFixed": "2021-03-25T08:51:45+0000"
}


Get the list of evaluations as per the account for AWS Controls


/rest/v1/aws/evaluations/{accountId}


[GET] 


Specify the details such as control ID, resource ID, and connector ID to get the 
statistics for specified control and resource ID. 


Input Parameters 


Parameter  Description

accountId  (string) Specify the unique Id associated with your AWS
           account.

filter     Filter the resources list by providing a query using
           Qualys syntax.

           If you do not add a date filter, by default the data for
           last 24 hours is included in the response. If you need
           data for specific date or date range, form your filter
           query using evaluatedOn token.

           Examples:

           Show resources discovered within certain dates
           evaluatedOn: [2019-01-01 ... 2019-03-01]

           Show resources updated starting 2019-01-01, ending 1
           month ago
           evaluatedOn: [2019-01-01 ... now-1m]

           Show resources updated starting 2 weeks ago, ending 1
           second ago
           evaluatedOn: [now-2w ... now-1s]

           Show resources discovered on specific date
           evaluatedOn: 2019-01-08


Sample - Get the list of evaluations as per the account for AWS Controls


API request


curl -k -X GET -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/aws/evaluations/888888888888'


Response


{
  "content": [
    {
      "controlName": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password",
      "policyName": "CIS Amazon Web Services Foundations Benchmark",
      "criticality": ,
      "service": "IAM",
      "result": ,
      "controlId": ,
      "passedResources": 6,
      "failedResources": 32,
      "passWithExceptionResources": 1
    },
    {
      "controlName": "Ensure console credentials unused for 90 days or greater are disabled",
      "policyName": "CIS Amazon Web Services Foundations Benchmark",
      "criticality": ,
      "service": "IAM",
      "result": "FAIL",
      "controlId": ,
      "passedResources": 8,
      "failedResources": 30,
      "passWithExceptionResources": 0
    },
    {
      "controlName": "Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed",
      "policyName": "AWS Best Practices Policy",
      "criticality": ,
      "service": "IAM",
      "result": "FAIL",
      "controlId": ,
      "passedResources": 1,
      "failedResources": 3,
      "passWithExceptionResources": 0
    }
  ],
  "pageable": {
    "sort": {
      "unsorted": true,
      "sorted": false
    },
    "pageSize": 100,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "last": true,
  "totalElements": 68,
  "totalPages": 1,
  "first": true,
  "sort": {
    "unsorted": true,
    "sorted": false
  },
  "numberOfElements": 68,
  "size": 100,
  "number": 0
}


Get the resources evaluated for the specified aws account and control id 
/rest/v1/aws/evaluations/{accountId}/resources/{controlId}

[GET]

Specify the details such as account ID, resource ID, and connector ID to get
the statistics for specified control and resource ID.


Input Parameters 


Parameter  Description

accountId  (string) Specify the unique Id associated with your AWS
           account.

controlId  (string) Specify the control ID of a control for which
           resources evaluated need to be fetched.

filter     Filter the resources list by providing a query using
           Qualys syntax.

           If you do not add a date filter, by default the data for
           last 24 hours is included in the response. If you need
           data for specific date or date range, form your filter
           query using evaluatedOn token.

           Examples:

           Show resources discovered within certain dates
           evaluatedOn: [2019-01-01 ... 2019-03-01]

           Show resources updated starting 2019-01-01, ending 1
           month ago
           evaluatedOn: [2019-01-01 ... now-1m]

           Show resources updated starting 2 weeks ago, ending 1
           second ago
           evaluatedOn: [now-2w ... now-1s]

           Show resources discovered on specific date
           evaluatedOn: 2019-01-08

pageNo     (integer) The page to be returned.

pageSize   (integer) The number of records per page to be
           included in the response.


Sample - Get all or filter the evaluations for your account 


API request 


curl -X GET --header ‘Accept: application/json' --header 
"Authorization: Basic dXNlcmShbWU6cGFzc3dvcmQK==' 

‘https: //<QualysURL>/cloudview- 
api/rest/vl/aws/evaluations/888888888888/resources/25?pageNo=0&pageSiz 
e=50" 


Response 
{
  "content": [
    {
      "resourceId": "Default",
      "region": "us-east-1",
      Maccounerde s AKKA aaa
      "evaluatedOn": "2020-12-15T06:42:18+0000",
      "evidences": [
        {
          "settingName": "KMS Key ID",
          "actualValue": null
        }
      ],
      "resourceType": "CLOUD TRAIL",
      "connectorId": "6192ce15-e790-3fe2-a02c-b4bc75ecf199",
      "result": "PASS WITH EXCEPTION",
      "evaluationDates": {
        "firstEvaluated": "2020-12-08T02:27:24+0000",
        "lastEvaluated": "2020-12-15T06:42:18+0000",
        "dateReopen": null,
        "dateFixed": "2020-12-10T13:58:47+0000"
      }
    }
  ],
  "last": true,
  "totalPages": 1,
  "totalElements": 2,
  "first": true,
  "sort": {
    "sorted": false,
    "unsorted": true
  },
  "numberOfElements":
  "size": 50,
  "number": 0
}


Assessment Reports 


Create Assessment Report 


/rest/v1/report/assessment/create 


[POST] 


Specify the report settings such as policy details, connector details, cloud 
provider and so on to generate assessment reports. You can generate the 
assessment reports to view the compliance posture of the organization. 


Input Parameters 


Parameter Description

createReportRequest (body) You need to provide the details required to
generate the report in the createReportRequest
parameter. The syntax is given below:

{
  "reportName": "string",
  "description": "string",
  "format": "string",
  "resourceSummaryInclude": true,
  "cloudType": "string",
  "query": "string",
  "startDate": "string",
  "endDate": "string",
  "executionType": "RUN TIME",
  "policyIds": [
    "string"
  ],
  "resourceResults": [
    "PASS"
  ],
  "groupIds": [
    "string"
  ],
  "connectorIds": [
    "string"
  ]
}


where,

reportName: name of the report.

description: short description stating the purpose
of the report you want to create.

format: the report format: CSV or PDF.

resourceSummaryInclude: Set to true to include
details such as resource ID, connector, control ID, resource
type, evaluation date, and resource result in the
report (applicable only for PDF report format).

Note: Assessment reports containing up to 8k
records with Resource Summary get successfully
downloaded. Assessment reports that exceed 8k
records and include Resource Summary are currently
not supported for PDF reports.

cloudType: the cloud provider (AWS, Azure, or
GCP).

query: Form a search query for your report using
Qualys Query Language (QQL). For more
information on query formation, see the “How to
Search” topic in the CloudView online help.

The startDate and endDate parameters are
mandatory. Use them as the date filter for your query.
Specify the date in yyyy-mm-ddTHH:MM:SSZ
format. For example, to specify 14th October
2020 at 3.26 PM, use 2020-10-14T03:26:15Z.

executionType: Set to one of the following values to
generate the report depending on the execution
type of the controls.

Set to RUN TIME to generate an assessment report
with control evaluations for deployed cloud
resources.

Set to BUILD TIME to generate an assessment report
with control evaluations for cloud resources within
the IaC templates.

policyIds: unique ID associated with the policy.

For CSV report format, you can specify multiple
policy IDs.

For PDF report format, you can specify only one
policy ID.

resourceResults: the evaluation results to be
included in the report for resources evaluated
against the controls that meet the criteria defined in the
search query. You can specify the Pass, PassE (pass
with exceptions), and Fail options. You can specify
multiple options.

groupIds: unique Id of the (connector) group.

connectorIds: unique Id associated with the
connector.
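The rules in the parameter description above can be checked on the client before the request is sent. The following Python sketch is an added example, not Qualys code: the function names are hypothetical, the sample request is constructed from the PDF sample on this page, and rejecting a startDate later than endDate is this example's assumption.

```python
import json
import re
from datetime import datetime

# Rules are taken from the parameter description above. Function and variable
# names are this example's own and are not part of the CloudView API.
DATE_SHAPE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")


def parse_date(value):
    """Parse yyyy-mm-ddTHH:MM:SSZ strictly; return None when it does not fit."""
    if not isinstance(value, str) or not DATE_SHAPE.fullmatch(value):
        return None
    try:
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:  # right shape, impossible date such as month 13
        return None


def check_report_request(req):
    """Return (errors, warnings) for a createReportRequest dictionary."""
    errors, warnings = [], []
    if not str(req.get("reportName") or "").strip():
        errors.append("reportName is missing")
    fmt = str(req.get("format") or "").lower()
    if fmt not in ("csv", "pdf"):
        errors.append("format must be CSV or PDF")
    if str(req.get("cloudType") or "").lower() not in ("aws", "azure", "gcp"):
        errors.append("cloudType must be AWS, Azure, or GCP")

    # startDate and endDate are mandatory.
    dates = {key: parse_date(req.get(key)) for key in ("startDate", "endDate")}
    for key, parsed in dates.items():
        if parsed is None:
            errors.append(key + " is mandatory in yyyy-mm-ddTHH:MM:SSZ format")
    # Assumption of this example: a start after the end is a caller mistake.
    if all(dates.values()) and dates["startDate"] > dates["endDate"]:
        errors.append("startDate is later than endDate")

    # PDF takes one policy ID; CSV may take several.
    policy_ids = req.get("policyIds") or []
    if fmt == "pdf" and len(policy_ids) > 1:
        errors.append("PDF format accepts only one policy ID")
    if fmt == "csv" and req.get("resourceSummaryInclude"):
        warnings.append("resourceSummaryInclude applies only to PDF reports")
    return errors, warnings


def build_report_body(req):
    """Serialize the request, refusing to emit a body that breaks a rule."""
    errors, _ = check_report_request(req)
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps(req, indent=2)


# Constructed sample modelled on the PDF request shown on this page.
PDF_REQUEST = {
    "reportName": "Sample PDF Report",
    "description": "PDF report format",
    "format": "pdf",
    "resourceSummaryInclude": False,
    "cloudType": "GCP",
    "query": "",
    "startDate": "2021-01-24T08:46:36Z",
    "endDate": "2021-01-25T08:46:36Z",
    "policyIds": ["636335f0-4730-11ea-8758-77aa7bc96f55"],
    "resourceResults": ["PASS"],
    "groupIds": [],
    "connectorIds": [],
}

# Constructed bad input: two policies for a PDF, a date without seconds or Z.
BAD_REQUEST = dict(
    PDF_REQUEST,
    policyIds=["636335f0-4730-11ea-8758-77aa7bc96f55",
               "3fa85f64-5717-4562-b3fc-2c963f66afa6"],
    startDate="2021-01-24 08:46",
)

if __name__ == "__main__":
    print(build_report_body(PDF_REQUEST))
    print(check_report_request(BAD_REQUEST))
```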


Sample - Create an assessment report 


API request 


curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/report/assessment/create'


Request POST Data


{
  "reportName": "Sample PDF Report",
  "description": "PDF report format",
  "format": "pdf",
  "resourceSummaryInclude": false,
  "cloudType": "GCP",
  "query": "",
  "startDate": "2021-01-24T08:46:36Z",
  "endDate": "2021-01-25T08:46:36Z",
  "policyIds": ["636335f0-4730-11ea-8758-77aa7bc96f55"],
  "resourceResults": ["PASS"],
  "groupIds": [],
  "connectorIds": []
}


Response


1252bf70-0ee3-11eb-8be0-19cb59be89b6
The response returns the unique report ID on successfully creating the
report.


Sample - Create an assessment report with Run Time controls 


API request 


curl -X POST -u <username>:<password> 
'https://<QualysURL>/cloudview-api/rest/v1/report/assessment/create' 


Request POST Data 


{
  "cloudType": "AWS",
  "connectorIds": ["XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"],
  "description": "Sample Assessment Report",
  "endDate": "2021-12-30T04:49:22Z",
  "executionType": "RUN TIME",
  "format. : Se
  "groupIds": ["3fa85f64-5717-4562-b3fc-2c963f66afa6"],
  "iacResourceResults": ["FAIL"],
  "policyIds": ["3fa85f64-5717-4562-b3fc-2c963f66afa6"],
  "query": "",
  "reportName": "Sample Assessment Report CSV",
  "resourceResults": ["FAIL"],
  "resourceSummaryInclude": true,
  "startDate": "2021-12-27T04:49:22Z"
}


Response
1252bf70-0ee3-11eb-8be0-19cb59be89b6
The response returns the unique report ID on successfully creating the
report.


Sample - Create an assessment report with Build Time controls 


API request 


curl -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/report/assessment/create'


Request POST Data


{
  "cloudType": "AWS",
  "connectorIds": [
    "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  ],
  "description": "Sample Assessment Report",
  "endDate": "2021-12-30T04:49:22Z",
  "executionType": "BUILD TIME",
  ABTEI
  "groupIds": [
    "3fa85f64-5717-4562-b3fc-2c963f66afa6"
  ],
  "iacResourceResults": [
    "FAIL"
  ],
  "policyIds": [
    "3fa85f64-5717-4562-b3fc-2c963f66afa6"
  ],
  "query": "",
  "reportName": "Sample Assessment Report CSV",
  "resourceResults": [
    "FAIL"
  ],
  "resourceSummaryInclude": true,
  "startDate": "2021-12-27T04:49:22Z"
}


Response


3452bf70-0ee3-11eb-8be0-19cb59be89b6
The response returns the unique report ID on successfully creating the
report.
Get List Assessment Report

/rest/v1/report/assessment/list

[GET]

You can now fetch the list of all the assessment reports in your account.


Input Parameters


Parameter Description

createdBy Use values to find reports created by a certain user.

pageNo (integer) The page to be returned.

pageSize (integer) The number of records per page to be
included in the response.

reportName (string) Name of the report.

sortBy Specify the field that decides the sort order for the
rules.

reportId (string) Specify the unique Id associated with the
report.

status (string) Specify the report status from Accepted,
Completed, Failed, Generated, Processing.


Sample - Get list of assessment reports 


API request 


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/report/assessment/list?pageNo=1&pageSize=50'


Response
"reportName": "Assessment Report in PDF",
"status": "COMPLETED",
"fileFormat": "pdf",
"createdAt": "2021-01-25T06:04:27.000Z",
"createdBy": "user john",
"templateName": "Assessment Report",
"reportType": "On-Demand",
"expiresOn": "2021-02-02",
"reportId": "2e383cc0-5ed3-11eb-ac38-9b1adcf6e2ef"
Re-run Assessment Report

/rest/v1/report/assessment/{reportId}/rerun

[POST]

You can execute an existing assessment report using the unique report Id
assigned to a report. The same report configurations are retained in the report
you run again and a new report is generated with a new report Id.


Input Parameters


Parameter Description

reportId (string) Specify the unique Id associated with the
report.


Sample - Re-run an assessment report


API request


curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/report/assessment/25f41b0-07c0-11eb-ac98-8f3cc041e575/rerun'


Response


1252bf70-0ee3-11eb-8be0-19cb59be89b6
The response returns a new unique report ID on successful
execution of the report.
Download Assessment Report
/rest/v1/report/assessment/{reportId}/download

[GET]

You can download a specific report in CSV or PDF format using the report Id.
You can download the report for IaC posture to know the evaluation results and
prevent misconfigurations.


Input Parameters


Parameter Description

reportId (string) Specify the unique Id associated with the
report.

reportFormat Specify the report format: csv or pdf.


Sample - Download assessment reports (CSV format) 


API request 


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/report/assessment/4d78ec60-5ec9-11eb-89c0-937a2c5d739f/download?reportFormat=csv'


Response 


Response Code: 200 
The response includes the assessment report in CSV format. 


Sample - Download assessment reports in PDF format 


API request 


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/report/assessment/4d78ec60-5ec9-11eb-89c0-937a2c5d739f/download?reportFormat=pdf'


Response


Response Code: 200
The response body includes the link for download of assessment report
in PDF format.


Azure APIs 


Azure Connector 


We support the following operations for Azure Connector. 


Get list of connectors 


Get the details of a connector 


Create a new connector 


Run the provided connector 


Update the existing connector 


Enable Connector (Azure) 
Disable Connector (Azure) 


Delete the provided connectors 


Azure Evaluations 



We support the following control evaluations for Azure resources: 


Get the statistics for specified control and resource 


Get the list of evaluations as per account for Azure controls 


Get the resources evaluated for specified Azure account Id and control Id 
Get Azure Connectors
/rest/v1/azure/connectors


[GET]


List all Azure connectors in the user's account.


Input Parameters


Parameter Description

filter Filter the connectors list by providing a query using
Qualys syntax. The following search tokens are
supported.

- name: Name of the connector
- description: Short description of the connector
- state: Connector status. The valid values are SUCCESS,
PENDING, REGIONS_DISCOVERED, ERROR
- connector.uuid: Unique Id assigned to the connector.
For example, 6192ce15-e790-3fe2-a02c-b4bc75ecf123
- lastSyncedOn: Date and time when the connector
synced with the cloud provider.

Note: This time should be in UTC time

pageNo (integer) The page to be returned.

pageSize (integer) The number of records per page to be
included in the response.

sort (keyword) Sort the results using a Qualys token. Sorting
is currently enabled with only one sort token:
lastSyncedOn. The allowed values are asc or desc.
Sample - Get list of Azure connectors in user's account


Return the list of all connectors in the user’s scope.


API request


curl -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors/2e0c1660-d061-11e9-ad71-df4fba75b3c5'


Response


{
  "content": [
    {
      "name": "Azure Connector",
      "connectorId": "2725fd62-c0f7-3ba0-b714-2595fe19e734",
      "description": "",
      "provider": "AZURE",
      "state": "SUCCESS",
      "totalAssets": 213,
      "lastSyncedOn": "Thu May 20 11:51:51 UTC 2021",
      "nextSyncedOn": "Thu May 20 15:40:41 UTC 2021",
      "remediationEnabled": false,
      "isGovCloud": false,
      "isDisabled": false,
      "applicationId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "subscriptionId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "subscriptionName": "Sample account",
      "groups": [
        {
          "name": "Azure Group",
          "uuid": "d24f8981-c3ad-37ae-8496-29ee5a459070"
        },
        {
          "name": "Sales Group",
          "uuid": "4659b745-c06d-39ef-8bc1-e6f7f5acee12"
        }
      ],
      "pollingFrequency": {
        "hours": 4,
        "minutes": 0
      },
      "directoryId": "ff4e2413-65ab-4dc2-9e5b-1ea02d3d94eb"
    },
    {
      "name": "Azure Conn2",
      "connectorId": "6b0b7c71-d0f3-3226-a88a-b0157ea47c19",
      "description": "",
      "provider": "AZURE",
      "state": "SUCCESS",
      "totalAssets": 49,
      "lastSyncedOn": "Thu May 20 11:51:15 UTC 2021",
      "nextSyncedOn": "Thu May 20 14:01:15 UTC 2021",
      "remediationEnabled": false,
      "isGovCloud": false,
      "isDisabled": false,
      "applicationId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "subscriptionId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "subscriptionName": "sample account",
      "groups": [],
      "pollingFrequency": {
        NOUS 294),
        "minutes": 0
      },
      "nextSyncedOn": "Fri May 20 18:33:08 UTC 2021",

      "sorted": true,
      "unsorted": false
    },
    "pageSize": 50,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "last": true,
  "totalPages": 1,
  "totalElements": 2,
  "first": true,
  "sort": {
    "sorted": true,
    "unsorted": false
  },
  "numberOfElements": 2,
  "size": 50,
  "number": 0
}
Sample - Filter the list of Azure connectors in success state and sort in
descending order with lastSyncedOn


API request


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors?filter=state%3DSUCCESS&pageNo=1&pageSize=50&sort=lastSyncedOn%3Adesc'


Response


{
  "content": [
    {
      "name": "test",
      "connectorId": "d56884c8-de42-3d62-a5ea-5d46c2412345",
      "description": "azure connector",
      "provider": "AZURE",
      "state": "SUCCESS",
      "totalAssets": 117,
      "lastSyncedOn": "Thu Nov 26 07:55:26 UTC 2020",
      "nextSyncedOn": "Thu Nov 26 11:55:26 UTC 2020",
      "remediationEnabled": true,
      "isGovCloud": false,
      "applicationId": "d8c3a45a-e6f9-449e-8a54-2416e2d12345",
      "subscriptionId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "subscriptionName": "test-subscription-name",
      "groups": [],
      "pollingFrequency": {
        "hours": 4,
        "minutes": 0
      },
      "directoryId": "ff4e2413-65ab-4dc2-9e5b-1ea02d312345"
    },

  "numberOfElements": 2,
  "size": 50,
  "number": 0
}
Get Connector Details (Azure)
/rest/v1/azure/connectors/{connectorId}


[GET]


View details for a specific Azure connector which is in the user’s scope.


Input Parameters


Parameter Description

connectorId (string) Specify the unique Id associated with
connector in the user’s scope.


Sample - Get details of a specific Azure connector in user's account


API request


curl -X GET --header 'Accept: application/json' --header \
'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQK==' \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors/2725fd62-c0f7-3ba0-b714-2595fe19e734'


Response

{
  "name": "Azure Connector",
  "connectorId": "2725fd62-c0f7-3ba0-b714-2595fe19e734",
  "description": "",
  "provider": "AZURE",
  "state": "SUCCESS",
  "totalAssets": 213,
  "lastSyncedOn": "Thu May 20 11:51:51 UTC 2021",
  "nextSyncedOn": "Thu May 20 15:40:41 UTC 2021",
  "remediationEnabled": false,
  "isGovCloud": false,
  "isDisabled": false,
  "applicationId": "f076c321-694d-4929-ae0b-d2bd14d1a4d7",
  "subscriptionId": "9de9e0a7-4f67-4812-917d-2246853844e1",
  "subscriptionName": "qlys-dev-cvdev",
  "groups": [
    {
      "name": "QA Group",
      "uuid": "4659b745-c06d-39ef-8bc1-e6f7f5acee12"
    },
    {
      "name": "Azure Group",
      "uuid": "d24f8981-c3ad-37ae-8496-29ee5a459070"
    }
  ],
  "pollingFrequency": {
    "hours": 4,
    "minutes": 0
  },
  "directoryId": "ff4e2413-65ab-4dc2-9e5b-1ea02d3d94eb"
}
Create Connector (Azure)
/rest/v1/azure/connectors


[POST]


Specify the connector details such as application Id, authenticationKey,
description, directoryId, name, and subscription Id of your Azure account and
create a new connector.


Input Parameters


Parameter Description

connectorBody (body) Specify the connector details such as
qualysAccountId, arn, externalId, and so on. Refer to
the following example for exact syntax.

{
  "applicationId": "string",
  "authenticationKey": "string",
  "description": "string",
  "directoryId": "string",
  "isGovCloud": false,
  "name": "string",
  "remediationEnabled": true,
  "subscriptionId": "string",
  "pollingFrequency": {
    ANOURSA El
    "minutes": 0
  }
}

Where,

- applicationId: Unique identifier of the application you
create on Azure portal.

- authenticationKey: The secret key generated after you
provide permission to the application to access the
Windows Azure Service.

- description is optional and you can give a short
description stating the purpose of the connector you
want to create.

- directoryId: Unique identifier of your Azure Active
Directory.

- isGovCloud (boolean): A flag indicating whether the
connector is created for the GovCloud region. Set
this flag to true to create the connector for GovCloud.

- name is the name for the connector you want to
create.

- remediationEnabled (boolean): A flag to enable or
disable remediation for the connector. To enable
remediation, the remediationEnabled flag needs to be
set to true. This flag is optional. By default, this flag is
configured to false. If remediation is enabled on a
connector, the response includes
"remediationEnabled": true. If you do not set the flag,
the existing remediation status of the connector is
displayed in the response.

Note: The remediation feature is available only to
Cloud Security Assessment (CSA) subscribers and is
enabled by default.

- subscriptionId: Unique identifier of your Microsoft
Azure subscription.

- pollingFrequency: Polling frequency for a connector
decides the rate at which the connector should poll the
cloud provider and fetch the data.

- hours: Specify the time in hours. The valid range is 1
to 24 hours.

- minutes: Specify the time in minutes. The valid range
is 0 to 59 minutes.

You can configure the frequency from a minimum of one hour
to a maximum of 24 hours. We recommend that you
configure a frequency of 4 hours or more for optimal use
of your connector. Configuring a low polling frequency
(less than 4 hours) can affect the performance of the
connector and may result in a Microsoft Azure API
throttling error.

Note: Configuration of connector polling frequency is
enabled only for Cloud Security Assessment (CSA)
users. For all other users, the default connector polling
frequency is pre-configured and even if you update the
connector polling frequency, the change in frequency
does not take effect. For Cloud Inventory (CI) users, the
pre-configured frequency is 24 hours. For the trial period,
the pre-configured frequency is 4 hours.
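The pollingFrequency limits and the boolean flags described above can be checked before a connector body is submitted, and because the body carries the Azure secret key, any copy written to a log should have that field masked. The following Python sketch is an added example, not Qualys code: the function names and sample values are constructed, and treating every field except description and the two flags as required is this example's assumption.

```python
import copy

# Limits quoted from the pollingFrequency description above. Names in this
# block are the example's own, not part of the CloudView API.
MAX_MINUTES = 24 * 60          # "maximum of 24 hours"
RECOMMENDED_MINUTES = 4 * 60   # "4 hours or more"
# Assumption of this example: every field except description and the two
# flags is required when creating a connector.
REQUIRED = ("applicationId", "authenticationKey", "directoryId", "name",
            "subscriptionId")


def check_polling_frequency(freq):
    """Return (errors, warnings) for a pollingFrequency object."""
    if not isinstance(freq, dict):
        return ["pollingFrequency must be an object"], []
    errors, warnings, values = [], [], {}
    for name, low, high in (("hours", 1, 24), ("minutes", 0, 59)):
        value = freq.get(name)
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            errors.append(name + " must be an integer")
        elif not low <= value <= high:
            errors.append(f"{name} must be between {low} and {high}")
        else:
            values[name] = value
    if len(values) == 2:
        total = values["hours"] * 60 + values["minutes"]
        if total > MAX_MINUTES:
            errors.append("interval exceeds the 24 hour maximum")
        elif total < RECOMMENDED_MINUTES:
            warnings.append("interval under 4 hours risks Azure API throttling")
    return errors, warnings


def check_connector_body(body):
    """Return (errors, warnings) for a connectorBody dictionary."""
    errors, warnings = [], []
    for field in REQUIRED:
        value = body.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(field + " is missing or empty")
    for flag in ("isGovCloud", "remediationEnabled"):
        if flag in body and not isinstance(body[flag], bool):
            errors.append(flag + " must be a JSON boolean")
    if "pollingFrequency" in body:
        freq_errors, freq_warnings = check_polling_frequency(body["pollingFrequency"])
        errors += freq_errors
        warnings += freq_warnings
    return errors, warnings


def redact(body):
    """Return a copy that is safe to log: the Azure secret key is masked."""
    safe = copy.deepcopy(body)
    if "authenticationKey" in safe:
        safe["authenticationKey"] = "<redacted>"
    return safe


# Constructed sample; all identifiers and the key are placeholder values.
CONNECTOR = {
    "applicationId": "00000000-0000-0000-0000-000000000001",
    "authenticationKey": "constructed-secret-value",
    "description": "Constructed example connector",
    "directoryId": "00000000-0000-0000-0000-000000000002",
    "isGovCloud": False,
    "name": "Example Azure Connector",
    "remediationEnabled": True,
    "subscriptionId": "00000000-0000-0000-0000-000000000003",
    "pollingFrequency": {"hours": 4, "minutes": 0},
}

if __name__ == "__main__":
    print(check_connector_body(CONNECTOR))
    print(redact(CONNECTOR))
```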


Sample - Create an Azure Connector


API request


curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors'


Request POST Data


{
  "applicationId": "d8c3a66a-e6f9-449e-8a54-2416e2d61aec",
  "authenticationKey": "XXXXXXXXXXXXXXX",
  "description": "This is test description",
  "directoryId": "ff4e2442-65ab-4dc2-9e5b-1ea02d3d94eb",
  "isGovCloud": true,
  "name": "My Azure Connector",
  "remediationEnabled": true,
  "subscriptionId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "pollingFrequency": {
    OUI sg 2.
    "minutes": 0
  }
}


Response


{
  "applicationId": "d8c3a66a-e6f9-449e-8a54-2416e2d61aec",
  "connectorId": "674292e0-5223-11e9-be90-4dfe52eda963",
  "description": "This is test description",
  "directoryId": "ff4e2442-65ab-4dc2-9e5b-1ea02d3d94eb",
  errors String
  "groups": [],
  "isGovCloud": true,
  "lastSyncedOn": "Fri Apr 1 10:33:08 UTC 2020",
  "name": "My Azure Connector",
  "provider": "AZURE",
  "remediationEnabled": true,
  "state": "PENDING",
  "subscriptionId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "totalAssets": 0,
  "pollingFrequency": {
    "hours": 4,
    "minutes": 0
  },
  "nextSyncedOn": "Fri Apr 1 14:33:08 UTC 2020"
}
Run Connector (Azure)
/rest/v1/azure/connectors/run


[POST]


Specify the IDs of the connectors that you want to run.


Input Parameters


Parameter Description

connectorRunRequest (Array[string]) Specify the IDs of the
connectors that you want to execute/run.
Example:
["string"]


Sample - Get details of specific connectors in user's account


API request


curl -k -X POST -u <username>:<password> \
-d '["67a51d30-14d4-12e9-aae4-31d950d53bd8"]' \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors/run'


Response


No Content
Response Code: 204
Update Connector (Azure)
/rest/v1/azure/connectors/{connectorId}


[PUT]


Specify the connector ID and the details of the connector that you
want to update in the connectorBody parameter. Your connector details get
updated.


Input Parameters


Parameter Description

connectorId (string) Specify the unique Id associated with
connector in the user’s scope.

connectorBody (body) Specify only those connector details that you
want to update. Refer to the following example for
syntax.

{
  "applicationId": "string",
  "authenticationKey": "string",
  "description": "string",
  "directoryId": "string",
  "isGovCloud": true,
  "name": "string",
  "remediationEnabled": true,
  "pollingFrequency": {
    "hours": 0,
    "minutes": 0
  }
}

Where,

- applicationId: Unique identifier of the application you
create on Azure portal.

- authenticationKey: The secret key generated after you
provide permission to the application to access the
Windows Azure Service.

- description is optional and you can give a short
description stating the purpose of the connector you
want to create.

- directoryId: Unique identifier of your Azure Active
Directory.

- isGovCloud (boolean): A flag indicating whether the
connector is created for the GovCloud region. Set
this flag to true to create the connector for GovCloud.

- name is the name for the connector you want to
update.

- remediationEnabled (boolean): A flag to enable or
disable remediation for the connector. To enable
remediation, the remediationEnabled flag needs to be
set to true. This flag is optional. By default, this flag is
configured to false. If remediation is enabled on a
connector, the response includes
"remediationEnabled": true. If you do not set the flag,
the existing remediation status of the connector is
displayed in the response.

Note: The remediation feature is available only to
Cloud Security Assessment (CSA) subscribers and is
enabled by default.

- pollingFrequency: Polling frequency for a connector
decides the rate at which the connector should poll the
cloud provider and fetch the data.

- hours: Specify the time in hours. The valid range is 1
to 24 hours.

- minutes: Specify the time in minutes. The valid range
is 0 to 59 minutes.

You can configure the frequency from a minimum of one hour
to a maximum of 24 hours. We recommend that you
configure a frequency of 4 hours or more for optimal use
of your connector. Configuring a low polling frequency
(less than 4 hours) can affect the performance of the
connector and may result in a Microsoft Azure API
throttling error.

Note: Configuration of connector polling frequency is
enabled only for Cloud Security Assessment (CSA)
users. For all other users, the default connector polling
frequency is pre-configured and even if you update the
connector polling frequency, the change in frequency
does not take effect. For Cloud Inventory (CI) users, the
pre-configured frequency is 24 hours. For the trial period,
the pre-configured frequency is 4 hours.


Sample - Update Azure Connector


Update connector in the user's scope.


API request

curl -k -X PUT -u <username>:<password> \
-d '{
  "applicationId": "d8c3a66a-e6f9-449e-8a54-2416e2d61aec",
  "authenticationKey": "XXXXXXXXXXXXXXX",
  "description": "Test description updated",
  "directoryId": "ff4e2442-65ab-4dc2-9e5b-1ea02d3d94eb",
  "isGovCloud": true,
  "name": "My Azure Connector",
  "remediationEnabled": true,
  "pollingFrequency": {
    "hours": 6,
    "minutes": 0
  }
}' \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors/7d80a840-40b6-11e9-9078-111111111111'


Response


{
  "name": "My Azure Connector",
  "description": "Polling Frequency updated",
  "isGovCloud": false,
  "state": "PENDING",
  "totalAssets": 0,
  "applicationId": "d8c3a45a-e6f9-449e-8a54-2416e2d61aec",
  "subscriptionId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "groups": [],
  "provider": "AZURE",
  "remediationEnabled": true,
  "connectorId": "7d80a840-40b6-11e9-9078-111111111111",
  "lastSyncedOn": "Fri Apr 1 10:33:08 UTC 2020",
  "directoryId": "ff4e2413-65ab-4dc2-9e5b-1ea02d3d94eb",
  "pollingFrequency": {
    "hours": 6,
    "minutes": 0
  },
  "nextSyncedOn": "Fri Apr 1 16:33:08 UTC 2020"
}
Enable Connector (Azure)
/rest/v1/azure/connectors/connectors/enable


[PATCH]


We give you the flexibility to enable or disable a connector. By default, all
connectors you create are in enabled state. When you disable a connector, it
is not eligible for auto-run or manual run. You can enable a disabled
connector to make it eligible for auto-run or manual run. You can view
connector details, update or delete a disabled connector.


Note: If a combination of enabled and disabled connectors, or only disabled
connectors, are run using the Run API request call, the response is always
acknowledged: true. The Run connector API always skips disabled connectors
for all clouds.


Input Parameters


Parameter Description

connectorId (integer) Specify the unique Id associated with
connector in the user’s scope to be enabled.


Sample - Enable Azure Connector


Let us consider an example to enable an Azure connector.


API request


curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors/connectors/enable' \
-d "[ \"359dba68-8559-30f4-88d5-d4720647a23f\"]"


Response

{
  "acknowledged": true
}


Disable Connector (Azure) 
/rest/v1/azure/connectors/connectors/disable 


[PATCH] 


We give you the flexibility to enable or disable a connector. By default, all 
connectors you create are in enabled state. When you disable a connector, it 
is not eligible for auto-run or manual run. You can enable a disabled 
connector to make it eligible for auto-run or manual run. You can view 
connector details, update or delete a disabled connector. 


Note: If a combination of enabled and disabled connectors, or only disabled
connectors, are run using the Run API request call, the response is always
acknowledged: true. The Run connector API always skips disabled connectors
for all clouds.


Input Parameters


Parameter Description

connectorId (integer) Specify the unique Id associated with
connector in the user’s scope to be disabled.


Sample - Disable Azure Connector


Let us consider an example to disable an Azure connector.


API request


curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors/connectors/disable' \
-d "[ \"359dba68-8559-30f4-88d5-d4720647a23f\"]"


Response


{
  "acknowledged": true
}
Delete Connector
/rest/v1/azure/connectors


[DELETE]


Delete the specified connector which is in the user’s scope.


Input Parameters


Parameter Description

connectorId (Array[string]) Specify the unique Id associated with
connector in the user’s scope.

Example: ["67a51d30-14d4-12e9-aae4-31d950d53bd7"]


Sample - Delete Azure Connector in user's account


API request


curl -X DELETE -u <username>:<password> \
-d '["215947d0-569d-11e9-8032-2fa7ed9d9b64"]' \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors'


Response


No Content
Response Code: 204
Azure Evaluations


Get the stats for specified control id and resource id


/rest/v1/azure/evaluations/stats/{controlId}/{connectorId}?resourceId={resourceId}


[GET]
Specify the details such as control ID, resource ID, and connector ID to get the
statistics for specified control and resource ID.


Note: By default, the response includes the data for last 24 hours.

Input Parameters

Parameter Description

controlId (string) Specify the control ID of the control for which
evaluated resources need to be fetched.

resourceId (string) Specify the unique ID of the resource being
evaluated.

connectorId (string) Specify the unique Id associated with the
connector in the user’s scope.


Sample - Get list of connectors in user's account


Return the list of all connectors in the user’s scope.


API request


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/azure/evaluations/stats/50029/e55d5977-6368-3afb-b48b-a17f7ee21234?resourceId=%2Fsubscriptions%2F1d767489-da0c-4948-a285-bf2c708c1234%2FresourceGroups%2FAB-rg%2Fproviders%2FMicrosoft.Network%2FnetworkSecurityGroups%2FAB-sg'


Response


{
  "firstEvaluated": "2021-03-08T23:01:10+0000",
  "lastEvaluated": "2021-03-22T12:07:05+0000",
  "dateReopen": "2021-03-25T08:57:17+0000",
  "dateFixed": "2021-03-25T08:51:45+0000",
Get the list of evaluations as per the subscription for Azure Controls


/rest/v1/azure/evaluations/{subscriptionId}


[GET]


Specify the details such as control ID, resource ID, and connector ID to get the
statistics for specified control and resource ID.


Input Parameters


Parameter Description

subscriptionId (string) Specify the unique Id associated with your
Azure subscription.

filter Filter the resources list by providing a query using
Qualys syntax.

If you do not add a date filter, the response includes the data for
the last 24 hours by default. If you need data for a specific date or
date range, form your filter query using the evaluatedOn token.

Examples:

Show resources discovered within certain dates
evaluatedOn: [2019-01-01 ... 2019-03-01]

Show resources updated starting 2019-01-01, ending 1 month ago
evaluatedOn: [2019-01-01 ... now-1m]

Show resources updated starting 2 weeks ago, ending 1 second ago
evaluatedOn: [now-2w ... now-1s]

Show resources discovered on specific date
evaluatedOn: 2019-01-08
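Filter queries such as the evaluatedOn ranges above contain colons, spaces and brackets that must be percent-encoded in the request URL. The following Python sketch is an added example, not Qualys code: it builds the evaluations request with the filter encoded, Basic credentials read from environment variables, and TLS certificate verification left on. The function names and the QUALYS_USERNAME and QUALYS_PASSWORD variable names are assumptions of this example.

```python
import base64
import json
import os
import ssl
import urllib.parse
import urllib.request

API_PATH = "/cloudview-api/rest/v1/azure/evaluations/"


def evaluations_url(base_url, subscription_id, filter_query=""):
    """Build the request URL, percent-encoding the filter query."""
    # Basic credentials must never travel over plain HTTP.
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("base URL must use https")
    url = (base_url.rstrip("/") + API_PATH
           + urllib.parse.quote(subscription_id, safe=""))
    if filter_query:
        # quote_via=quote encodes ':' as %3A and a space as %20.
        url += "?" + urllib.parse.urlencode(
            {"filter": filter_query}, quote_via=urllib.parse.quote)
    return url


def build_request(base_url, subscription_id, filter_query="", env=os.environ):
    """Return a prepared GET request; nothing is sent yet."""
    # Assumed variable names. Reading them here keeps the password out of
    # shell history and command-line arguments.
    credentials = env["QUALYS_USERNAME"] + ":" + env["QUALYS_PASSWORD"]
    token = base64.b64encode(credentials.encode("utf-8")).decode("ascii")
    request = urllib.request.Request(
        evaluations_url(base_url, subscription_id, filter_query), method="GET")
    request.add_header("Accept", "application/json")
    request.add_header("Authorization", "Basic " + token)
    return request


def tls_context():
    """Default context: certificate and hostname verification stay on."""
    return ssl.create_default_context()


def fetch_evaluations(request):
    """Send the request and return the decoded JSON page."""
    with urllib.request.urlopen(request, context=tls_context(),
                                timeout=30) as response:
        return json.load(response)


if __name__ == "__main__":
    # Constructed subscription Id; the platform URL is US Platform 1.
    subscription = "11111111-1111-1111-1111-111111111111"
    for query in ("evaluatedOn: [2019-01-01 ... 2019-03-01]",
                  "evaluatedOn: [now-2w ... now-1s]",
                  "evaluatedOn: 2019-01-08"):
        print(evaluations_url("https://qualysguard.qualys.com",
                              subscription, query))
```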


Sample - Get all or filter the evaluations for your account 
API request


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/azure/evaluations/11111111-1111-1111-1111-111111111111?filter=control.result%3APASS'


Response

{
  "content": [
    {
      "controlName": "Ensure that Adaptive Application Controls is set to On",
      "policyName": "CIS Microsoft Azure Foundations Benchmark",
      teriticalitye HR SIR
      "service": "SECURITY CENTER",
      "result": "PASS",
      "controlId": "50003",
      "passedResources": 1,
      "failedResources": 0,
      "passWithExceptionResources": 1
    }
  ],
  "pageable": {
    "sort": {
      "unsorted": true,
      "sorted": false
    },
    "pageSize": 100,
    "pageNumber": 0,
    "offset": 0,
    "unpaged": false,
    "paged": true
  },
  "totalElements": 16,
  "totalPages": 1,
  "last": true,
  "first": true,
  "sort": {
    "unsorted": true,
    "sorted": false
  },
  "numberOfElements": 16,
  "size": 100,
  "number": 0
}
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Get the resources evaluated for the specified Azure subscription and 


control id 


/rest/vl/azure/evaluations/{subscriptionld}/resources/{controlld} 


[GET] 


Specify the details such as control ID, resource ID, and connector ID to get the
statistics for specified control and resource ID.


Input Parameters


Parameter Description

subscriptionId (string) Specify the unique Id associated with your
Azure subscription.

filter Filter the resources list by providing a query using
Qualys syntax.

If you do not add a date filter, by default the data for
the last 24 hours is included in the response. If you need
data for a specific date or date range, form your filter
query using the evaluatedOn token.

Examples:

Show resources discovered within certain dates
evaluatedOn: [2019-01-01 ... 2019-03-01]

Show resources updated starting 2019-01-01, ending 1
month ago
evaluatedOn: [2019-01-01 ... now-1m]

Show resources updated starting 2 weeks ago, ending
1 second ago
evaluatedOn: [now-2w ... now-1s]

Show resources discovered on specific date
evaluatedOn: 2019-01-08

controlId (string) Specify the control ID of a control for which
resources evaluated need to be fetched

pageNo (integer) The page to be returned.

pageSize (integer) The number of records per page to be
included in the response.
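
A client-side sketch of the filter, pageNo and pageSize parameters listed above, added here as an example and not taken from the Qualys documentation. The function names, the fetch callable, the placeholder host qualys.example and the sample records are assumptions; the paging loop relies on the "content" and "last" fields that the sample responses on this page show.

```python
import base64
import json
import urllib.request
from urllib.parse import parse_qs, quote, urlencode, urlsplit

API_ROOT = "/cloudview-api/rest/v1/azure/evaluations"


def evaluated_on(start, end=None):
    """Return an evaluatedOn token for one date or for a [start ... end] range."""
    if end is None:
        return f"evaluatedOn: {start}"
    return f"evaluatedOn: [{start} ... {end}]"


def resources_url(base_url, subscription_id, control_id, page_no, page_size,
                  filter_query=None):
    """Build the request URL; path segments and query values are percent-encoded."""
    path = (f"{API_ROOT}/{quote(subscription_id, safe='')}"
            f"/resources/{quote(control_id, safe='')}")
    params = {"pageNo": page_no, "pageSize": page_size}
    if filter_query:
        params["filter"] = filter_query
    return base_url.rstrip("/") + path + "?" + urlencode(params, quote_via=quote)


def https_fetch(username, password, timeout=30):
    """Return fetch(url) -> dict that sends Basic auth over HTTPS.

    urllib verifies the server certificate by default, unlike the curl
    samples on this page that pass -k.
    """
    token = base64.b64encode(f"{username}:{password}".encode()).decode()

    def fetch(url):
        request = urllib.request.Request(url, headers={
            "Accept": "application/json",
            "Authorization": "Basic " + token,
        })
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return json.load(response)

    return fetch


def iter_resources(fetch, base_url, subscription_id, control_id,
                   page_size=50, filter_query=None, max_pages=1000):
    """Yield every record in "content", requesting pages until "last" is true."""
    for page_no in range(max_pages):
        page = fetch(resources_url(base_url, subscription_id, control_id,
                                   page_no, page_size, filter_query))
        yield from page.get("content", [])
        if page.get("last", True):
            return
    raise RuntimeError("stopped after max_pages without seeing last=true")


# Constructed sample records, shaped like the "content" items in the response.
SAMPLE_RESOURCES = [
    {"resourceId": "db-a", "result": "PASS"},
    {"resourceId": "db-b", "result": "PASS WITH EXCEPTION"},
    {"resourceId": "db-c", "result": "PASS"},
]


def fake_fetch(url):
    """Offline stand-in for https_fetch(): serves SAMPLE_RESOURCES page by page."""
    query = parse_qs(urlsplit(url).query)
    page_no, size = int(query["pageNo"][0]), int(query["pageSize"][0])
    chunk = SAMPLE_RESOURCES[page_no * size:(page_no + 1) * size]
    return {"content": chunk,
            "last": (page_no + 1) * size >= len(SAMPLE_RESOURCES)}


if __name__ == "__main__":
    base = "https://qualys.example"  # placeholder, not a real platform URL
    sub = "11111111-1111-1111-1111-111111111111"
    print(resources_url(base, sub, "50001", 0, 50,
                        evaluated_on("2019-01-01", "now-1m")))
    for record in iter_resources(fake_fetch, base, sub, "50001", page_size=2):
        print(record["resourceId"], record["result"])
```

To run it against a real account, pass https_fetch(username, password) in place of fake_fetch and use the platform URL for your account as base_url.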


Sample - Get all or filter the evaluations for your account 


API request

curl -X GET --header 'Accept: application/json' \
--header 'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQK==' \
'https://<QualysURL>/cloudview-api/rest/v1/azure/evaluations/11111111-1111-1111-1111-111111111111/resources/50001?pageNo=0&pageSize=50'


Response

{
  "content": [
    {
      "resourceId": "TestResource",
      "subscriptionId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "evaluatedOn": "2020-03-15T07:07:24+0000",
      "evidences": [
        {
          "settingName": "Data Encryption",
          "actualValue": "On",
          "expectedValue": ""
        }
      ],
      "resourceType": "SQL SERVER DATABASE",
      "result": "PASS",
      "evaluationDates": {
        "firstEvaluated": "2020-03-13T15:02:07+0000",
        "lastEvaluated": "2020-03-22T11:06:07+0000",
        "dateReopen": null,
        "dateFixed": null
      }
    },
    {
      "resourceId": "dnd-automation-mcheck-pass",
      "subscriptionId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "evaluatedOn": "2020-03-22T11:06:08+0000",
      "evidences": [
        {
          "settingName": "Data Encryption",
          "actualValue": "On",
          "expectedValue": ""
        }
      ],
      "resourceType": "SQL SERVER DATABASE",
      "result": "PASS WITH EXCEPTION",
      "evaluationDates": {
        "firstEvaluated": "2020-03-13T15:02:09+0000",
        "lastEvaluated": "2020-03-22T11:06:08+0000",
        "dateReopen": null,
        "dateFixed": null
      }
    }
  ],
  "pageable": {
    "sort": {
      "unsorted": true,
      "sorted": false
    },
    "pageSize": 50,
    "pageNumber": 0,
    "offset": 0,
    "unpaged": false,
    "paged": true
  },
  "totalElements": 2,
  "totalPages": 1,
  "last": true,
  "first": true,
  "sort": {
    "unsorted": true,
    "sorted": false
  },
  "numberOfElements": 2,
  "size": 50,
  "number": 0
}


CloudView APIs


Connector Groups Management APIs 


Get Groups 
/rest/v1/groups 


[GET] 


Fetch the list of groups associated with the user. 


Input Parameters 


Parameter Description

pageNo (integer) The page to be returned.

pageSize (integer) The number of records per page to be
included in the response.


Sample - Get the list of all groups associated with the user 


API request

curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/groups?pageNo=0&pageSize=3'


Response

{
  "content": [
    {
      "name": "empty",
      "uuid": "bad111c0-5de8-31ef-1111-4f1c2bd11111",
      "connectors": []
    },
    {
      "name": "sample 1",
      "uuid": "01011f80-fe1d-38c5-1111-56ac16361111",
      "connectors": [
        {
          "connectorUuid": "d0830ee0-c4b7-11e9-b442-ad0de981ea5c",
          "accountIdentifier": "XXXXXXXXXXXX",
          "cloudType": "AWS"
        }
      ]
    },
    {
      "name": "Sample 2 Azure",
      "uuid": "ce7c0d23-af60-320F-b8cb-f6b51b2fb8a5",
      "connectors": [
        {
          "connectorUuid": "5926c280-c587-11e9-9230-31a5d0c73f76",
          "accountIdentifier": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
          "cloudType": "AZURE"
        },
        {
          "connectorUuid": "2e0c1660-d061-11e9-ad71-df4fba75b3c5",
          "accountIdentifier": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
          "cloudType": "AZURE"
        }
      ]
    }
  ],
  "pageable": {
    "sort": {
      "unsorted": true,
      "sorted": false
    },
    "pageSize": 3,
    "pageNumber": 0,
    "offset": 0,
    "unpaged": false,
    "paged": true
  },
  "totalElements": 27,
  "last": false,
  "totalPages": 9,
  "first": true,
  "sort": {
    "unsorted": true,
    "sorted": false
  },
  "numberOfElements": 3,
  "size": 3,
  "number": 0
}


Create Group
/rest/v1/groups/{cloudType}


[POST]


Groups help you organize your connectors and manage user access to them.
You can create groups and associate them with connectors to form connector
groups, or segregate connectors by using a specific group for a connector.
Use groups to provide or restrict access for the users you create.


Input Parameters 


Parameter Description 


groupName (String) Provide a name for the group you want to 
create. Ensure that the name is unique. 


Sample - Create a group in CloudView 


API request

curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/groups?groupName=sample%20group'


Response

{
  "name": "sample group",
  "groupId": "745aca99-6ab6-3e1d-8e65-7b4febc0005e"
}


Update Group
/rest/v1/groups/connectors


[POST]


Groups help you organize your connectors and manage user access to them.
You can update groups and associate them with connectors to form connector
groups, or segregate connectors by using a specific group for a connector.
Use groups to provide or restrict access for the users you create.


Input Parameters 


Parameter Description 


connectorGroupModifyRequest (body) Use this to specify the connector
group IDs that you want to add and remove.

Example:

{
  "accountIdentifiers": ["string"],
  "add": {
    "groupIds": ["string"]
  },
  "remove": {
    "groupIds": ["string"]
  }
}

where,

accountIdentifiers: The unique identifier associated with a connector.
For every cloud provider, the identifier is different.

- AWS: account ID (Example: 111111111111)

- Azure: subscription ID (Example: 11111111-1111-1111-1111-111111111111)

- GCP: project ID (Example: sample gcp)

groupIds: Unique Id associated with each group.

Example: ea4b240f-c27c-30a6-ba28-8fc9a38fa8d1

cloudType Select the cloud provider to which the
connector being updated belongs.

Sample - Update Connectors in a group 


API request

curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/groups/connectors?cloudType=GCP'


Request POST Data

{
  "accountIdentifiers": [ "gcp-demo" ],
  "add": {
    "groupIds": [ "ea4b240f-c27c-30a6-ba28-8fc9a38fa8d1" ]
  },
  "remove": {
    "groupIds": [ "8b23977c-9f28-3007-8c11-c0469494053f" ]
  }
}


Response

No Content

Response Code: 204


Get Group Details
/rest/v1/groups/{groupUuid}


[GET] 


You can get details of a group by specifying the unique Id associated with a 
group. 


Input Parameters 


Parameter Description 


GroupUuid (integer) Unique Id associated with each group.

Example: groupUuid: b3e9036d-b546-30d4-99fb-ch64b15efffa


Sample - Get the list of groups 


API request

curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/groups/2d16e55b-d01a-3fcb-8239-3d4ea04bc54a'


Response

{
  "name": "group2",
  "uuid": "2d16e55b-d01a-3fcb-8239-3d4ea04bc54a",
  "connectors": [
    {
      "connectorUuid": "66e7d1f0-c8c2-11e9-9fcb-85661d3ad949",
      "accountIdentifier": "gcp-demo",
      "cloudType": "GCP"
    },
    {
      "connectorUuid": "271bdec0-d2F1-11e9-93db-85a6F54e372e",
      "accountIdentifier": "gcp example 2",
      "cloudType": "GCP"
    }
  ]
}


CloudView APIs


Control Meta Data 


Get Control Metadata 
/rest/v1/controls/metadata/list 


[GET] 


Fetch the metadata for controls. You can use the filters we support to narrow
down the controls to be fetched in the response. We support two response
formats: XML and JSON. You can choose the required format and fetch the data
in XML or JSON.


Input Parameters 


Parameter Description 


filter (query) Filter the controls list by providing a query 
using Qualys syntax. You can use the following tokens: 


- control.name 

- resource.type 

- service.type 

- cid 

- provider 

- control.criticality 
- control.type 

- policy.name 


- createdDate 
- modifiedDate 
- isCustomizable 
pageNo (integer) The page to be returned.

pageSize (integer) The number of records per page to be
included in the response.


Sample - Get the control metadata (AWS)

API request

curl -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/controls/metadata/list?filter=provider%3AAWS&pageNo=0&pageSize=100' \
-H 'accept: application/xml'


Response (XML)


<?xml version='1.0' encoding='UTF-8'?>
<CONTROL_LIST_OUTPUT>
  <DATETIME>2021-07-06T12:50:34.526+00:00</DATETIME>
  <CONTROL_LIST>
    <CONTROL>
      <CID>1</CID>
      <CONTROL_NAME>Ensure multi-factor authentication (MFA) is
enabled for all IAM users that have a console password</CONTROL_NAME>
      <CREATED>2020-05-07T12:56:56+0000</CREATED>
      <MODIFIED>2021-05-06T11:31:00+0000</MODIFIED>
      <CONTROL_TYPE>System Defined</CONTROL_TYPE>
      <PROVIDER>AWS</PROVIDER>
      <IS_CUSTOMIZABLE>false</IS_CUSTOMIZABLE>
      <SERVICE_TYPE><![CDATA[IAM]]></SERVICE_TYPE>
      <CRITICALITY>HIGH</CRITICALITY>
      <EVALUATION>
        <EVALUATION_DESCRIPTION>
          <![CDATA[<p>Check IAM Users having console password
enabled has MFA Set to True.</p>
/n
<p>Changes in account credentials may take upto 4 hours to
get reflected in the AWS IAM evaluations. The time taken depends on
when the last credential report was fetched by the Cloud View service
and the time when changes were made in AWS IAM</p>
]]>
        </EVALUATION_DESCRIPTION>
        <PASS_MESSAGE>IAM user is configured with
MFA.</PASS_MESSAGE>
        <FAIL_MESSAGE>IAM user is not configured with
MFA.</FAIL_MESSAGE>
        <EVALUATION_CRITERIA_LIST/>
      </EVALUATION>
      <SPECIFICATION>
        <![CDATA[<p>Multi-Factor Authentication (MFA) adds an extra
layer of protection on top of a user name and password. With MFA
enabled,
when a user signs in to an AWS website, they will be
prompted for their user name and password as well as for an
authentication code from their AWS MFA device. It is
recommended that MFA be enabled for all accounts that have a
console password.</p>


/n


      </REFERENCES>
      <RESOURCE_TYPE>IAM User</RESOURCE_TYPE>
      <REMEDIATION_ENABLED>false</REMEDIATION_ENABLED>
      <POLICY_NAME_LIST>
        <POLICY_NAME>CIS Amazon Web Services Foundations
Benchmark</POLICY_NAME>
      </POLICY_NAME_LIST>
    </CONTROL>
  </CONTROL_LIST>
</CONTROL_LIST_OUTPUT>


Response (JSON)


{
"dateTime":"2021-07-06T12:52:15.637+00:00",
GEESS EE
{
"cid":1,
"controlName":"Ensure multi-factor authentication (MFA) is
enabled for all IAM users that have a console password",
"created":"2020-05-07T12:56:56+0000",
"modified":"2021-05-06T11:31:00+0000",
"controlType":"System Defined",
"provider":"AWS",
"isCustomizable":false,
"serviceType":"IAM",
"criticality":"HIGH",
"evaluation":{
"evaluationDescription":"<p>Check IAM Users having
console password enabled has MFA Set to True.</p>/n<p>Changes in
account credentials may take upto 4 hours to get reflected in the AWS
IAM evaluations. The time taken depends on when the last credential
report was fetched by the Cloud View service and the time when changes
were made in AWS IAM</p>",
"passMessage":"IAM user is configured with MFA.",
"failMessage":"IAM user is not configured with MFA.",
"evaluationCriteria":[
]
},
"specification":"<p>Multi-Factor Authentication (MFA) adds
an extra layer of protection on top of a user name and password. With
MFA enabled, \n when a user signs in to an AWS website, they
will be prompted for their user name and password as well as for an\n
authentication code from their AWS MFA device. It is
recommended that MFA be enabled for all accounts that have a\n
console password.</p>/n<p>\n CIS reference: CIS
Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020:
Recommendation #1.10\n </p>",


"CIS Amazon Web Services Foundations Benchmark"


}


Sample - Get the control metadata (Azure) 


API request

curl -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/azure/connectors?pageNo=0&pageSize=50'


Response (XML)


<?xml version='1.0' encoding='UTF-8'?>
<CONTROL_LIST_OUTPUT>
  <DATETIME>2021-07-06T12:55:48.065+00:00</DATETIME>
  <CONTROL_LIST>
    <CONTROL>
      <CID>50001</CID>
      <CONTROL_NAME>Ensure that Data encryption is set to ON for a
SQL database</CONTROL_NAME>
      <CREATED>2020-05-07T01:27:53+0000</CREATED>
      <MODIFIED>2021-04-22T06:41:05+0000</MODIFIED>
      <CONTROL_TYPE>System Defined</CONTROL_TYPE>
      <PROVIDER>AZURE</PROVIDER>
      <IS_CUSTOMIZABLE>false</IS_CUSTOMIZABLE>
      <SERVICE_TYPE><![CDATA[Azure SQL]]></SERVICE_TYPE>
      <CRITICALITY>HIGH</CRITICALITY>
      <EVALUATION>
        <EVALUATION_DESCRIPTION>
          <![CDATA[<p>
This control ensures that 'Transparent Data Encryption' is
enabled for a threat detection policy on a SQL server.
</p>


      <POLICY_NAME_LIST>
        <POLICY_NAME>CIS Microsoft Azure Foundations
Benchmark</POLICY_NAME>
      </POLICY_NAME_LIST>
    </CONTROL>
  </CONTROL_LIST>
</CONTROL_LIST_OUTPUT>


Response (JSON)


<?xml version='1.0' encoding='UTF-8'?>
<CONTROL_LIST_OUTPUT>
  <DATETIME>2021-07-06T12:55:48.065+00:00</DATETIME>
  <CONTROL_LIST>
    <CONTROL>
      <CID>50001</CID>
      <CONTROL_NAME>Ensure that Data encryption is set to ON for a
SQL database</CONTROL_NAME>
      <CREATED>2020-05-07T01:27:53+0000</CREATED>
      <MODIFIED>2021-04-22T06:41:05+0000</MODIFIED>
      <CONTROL_TYPE>System Defined</CONTROL_TYPE>
      <PROVIDER>AZURE</PROVIDER>
      <IS_CUSTOMIZABLE>false</IS_CUSTOMIZABLE>
      <SERVICE_TYPE><![CDATA[Azure SQL]]></SERVICE_TYPE>
      <CRITICALITY>HIGH</CRITICALITY>
      <EVALUATION>
        <EVALUATION_DESCRIPTION>
          <![CDATA[<p>
This control ensures that 'Transparent Data Encryption' is
enabled for a threat detection policy on a SQL server.
</p>
]]>
        </EVALUATION_DESCRIPTION>
        <PASS_MESSAGE>Transparent Encryption is Enabled for a SQL
Database</PASS_MESSAGE>
        <FAIL_MESSAGE>Transparent Encryption is not Enabled for a
SQL Database</FAIL_MESSAGE>
        <EVALUATION_CRITERIA_LIST/>
      </EVALUATION>
      <SPECIFICATION>
        <![CDATA[<p>
Enable Transparent Data Encryption on every SQL database.
</p>

"CIS Microsoft Azure Foundations Benchmark"


Sample - Get the control metadata (GCP) 


API request

curl -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors?pageNo=0&pageSize=50'


Response (XML)


<?xml version='1.0' encoding='UTF-8'?>
<CONTROL_LIST_OUTPUT>
  <DATETIME>2021-07-06T12:57:27.547+00:00</DATETIME>
  <CONTROL_LIST>
    <CONTROL>
      <CID>52000</CID>
      <CONTROL_NAME>Ensure that corporate login credentials are used
instead of Gmail accounts</CONTROL_NAME>
      <CREATED>2020-05-07T01:24:08+0000</CREATED>
      <MODIFIED>2021-05-19T09:00:54+0000</MODIFIED>
      <CONTROL_TYPE>System Defined</CONTROL_TYPE>
      <PROVIDER>GCP</PROVIDER>
      <IS_CUSTOMIZABLE>false</IS_CUSTOMIZABLE>
      <SERVICE_TYPE><![CDATA[IAM & Admin]]></SERVICE_TYPE>
      <CRITICALITY>MEDIUM</CRITICALITY>
      <EVALUATION>
        <EVALUATION_DESCRIPTION>
          <![CDATA[<p>
This control ensures that corporate login credentials are used
instead of Gmail accounts.
</p>


      <POLICY_NAME_LIST>
        <POLICY_NAME>CIS Google Cloud Platform Foundation
Benchmark</POLICY_NAME>
      </POLICY_NAME_LIST>
    </CONTROL>
</CONTROL_LIST_OUTPUT>


Response (JSON)


{
"dateTime":"2021-07-06T12:58:24.633+00:00",
EES
{
"cid":52000,
"controlName":"Ensure that corporate login credentials are
used instead of Gmail accounts",
"created":"2020-05-07T01:24:08+0000",
"modified":"2021-05-19T09:00:54+0000",
"controlType":"System Defined",
"provider":"GCP",
"isCustomizable":false,
"serviceType":"IAM & Admin",
"criticality":"MEDIUM",
"evaluation":{
"evaluationDescription":"<p>\n This control
ensures that corporate login credentials are used instead of Gmail
accounts.\n </p>",
"passMessage":"Corporate login credentials are used
instead of Gmail account",
"failMessage":"Corporate login credentials are not
used instead of Gmail account",
"evaluationCriteria":[
]
},
"specification":"<p>\n Use corporate login
credentials instead of Gmail accounts.\n </p>/n<p>\n\t CIS
reference: Google Cloud Platform Foundation Benchmark v1.1.0 - 03-12-
2020: Recommendation #1.1\n\t </p>",


"policyNames":[
"CIS Google Cloud Platform Foundation Benchmark"
]
}
DTD (metadata.dtd)
Below is the metadata.dtd used in the new API that we introduced.

<!DOCTYPE CONTROL_LIST_OUTPUT [
<!ELEMENT CONTROL_LIST_OUTPUT (DATETIME,WARNING?,CONTROL_LIST)*>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT WARNING (CODE,TEXT,URL)*>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT CONTROL_LIST (CONTROL)*>
<!ELEMENT CONTROL (CID,CONTROL_NAME,CREATED,MODIFIED,CONTROL_TYPE,PROVIDER,IS_CUSTOMIZABLE,SERVICE_TYPE,CRITICALITY,EVALUATION,SPECIFICATION,RATIONALE,MANUAL_REMEDIATION,REFERENCES,RESOURCE_TYPE,REMEDIATION_ENABLED,POLICY_NAME_LIST)*>
<!ELEMENT CID (#PCDATA)>
<!ELEMENT CONTROL_NAME (#PCDATA)>
<!ELEMENT CREATED (#PCDATA)>
<!ELEMENT MODIFIED (#PCDATA)>
<!ELEMENT CONTROL_TYPE (#PCDATA)>
<!ELEMENT PROVIDER (#PCDATA)>
<!ELEMENT IS_CUSTOMIZABLE (#PCDATA)>
<!ELEMENT SERVICE_TYPE (#PCDATA)>
<!ELEMENT CRITICALITY (#PCDATA)>
<!ELEMENT EVALUATION (EVALUATION_DESCRIPTION,PASS_MESSAGE,FAIL_MESSAGE,EVALUATION_CRITERIA_LIST)*>
<!ELEMENT EVALUATION_DESCRIPTION (#PCDATA)>
<!ELEMENT PASS_MESSAGE (#PCDATA)>
<!ELEMENT FAIL_MESSAGE (#PCDATA)>
<!ELEMENT EVALUATION_CRITERIA_LIST (EVALUATION_CRITERIA)*>
<!ELEMENT EVALUATION_CRITERIA (LABEL,OPERATOR,VALUE)*>
<!ELEMENT LABEL (#PCDATA)>
<!ELEMENT OPERATOR (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!ELEMENT SPECIFICATION (#PCDATA)>
<!ELEMENT RATIONALE (#PCDATA)>
<!ELEMENT MANUAL_REMEDIATION (#PCDATA)>
<!ELEMENT REFERENCES (#PCDATA)>
<!ELEMENT RESOURCE_TYPE (#PCDATA)>
<!ELEMENT REMEDIATION_ENABLED (#PCDATA)>
<!ELEMENT POLICY_NAME_LIST (POLICY_NAME)*>
<!ELEMENT POLICY_NAME (#PCDATA)>
]>
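
One way a client can consume the XML form of the control metadata and check it against the element order in metadata.dtd, added here as an example and not part of the Qualys documentation. The function name, the output field names and the sample document (abbreviated from the AWS sample above, with constructed placeholder text in the fields the page does not show) are assumptions, and the check treats each CONTROL as exactly one pass through the declared sequence.

```python
import xml.etree.ElementTree as ET

# Child elements of <CONTROL>, in the order metadata.dtd declares them.
CONTROL_CHILDREN = (
    "CID", "CONTROL_NAME", "CREATED", "MODIFIED", "CONTROL_TYPE", "PROVIDER",
    "IS_CUSTOMIZABLE", "SERVICE_TYPE", "CRITICALITY", "EVALUATION",
    "SPECIFICATION", "RATIONALE", "MANUAL_REMEDIATION", "REFERENCES",
    "RESOURCE_TYPE", "REMEDIATION_ENABLED", "POLICY_NAME_LIST",
)

# Constructed sample: values the page shows are reused, the rest are placeholders.
SAMPLE_XML = b"""<?xml version='1.0' encoding='UTF-8'?>
<CONTROL_LIST_OUTPUT>
  <DATETIME>2021-07-06T12:50:34.526+00:00</DATETIME>
  <CONTROL_LIST>
    <CONTROL>
      <CID>1</CID>
      <CONTROL_NAME>Ensure multi-factor authentication (MFA) is
enabled for all IAM users that have a console password</CONTROL_NAME>
      <CREATED>2020-05-07T12:56:56+0000</CREATED>
      <MODIFIED>2021-05-06T11:31:00+0000</MODIFIED>
      <CONTROL_TYPE>System Defined</CONTROL_TYPE>
      <PROVIDER>AWS</PROVIDER>
      <IS_CUSTOMIZABLE>false</IS_CUSTOMIZABLE>
      <SERVICE_TYPE><![CDATA[IAM]]></SERVICE_TYPE>
      <CRITICALITY>HIGH</CRITICALITY>
      <EVALUATION>
        <EVALUATION_DESCRIPTION><![CDATA[<p>placeholder</p>]]></EVALUATION_DESCRIPTION>
        <PASS_MESSAGE>IAM user is configured with MFA.</PASS_MESSAGE>
        <FAIL_MESSAGE>IAM user is not configured with MFA.</FAIL_MESSAGE>
        <EVALUATION_CRITERIA_LIST/>
      </EVALUATION>
      <SPECIFICATION><![CDATA[<p>placeholder</p>]]></SPECIFICATION>
      <RATIONALE>placeholder</RATIONALE>
      <MANUAL_REMEDIATION>placeholder</MANUAL_REMEDIATION>
      <REFERENCES>placeholder</REFERENCES>
      <RESOURCE_TYPE>IAM User</RESOURCE_TYPE>
      <REMEDIATION_ENABLED>false</REMEDIATION_ENABLED>
      <POLICY_NAME_LIST>
        <POLICY_NAME>CIS Amazon Web Services Foundations Benchmark</POLICY_NAME>
      </POLICY_NAME_LIST>
    </CONTROL>
  </CONTROL_LIST>
</CONTROL_LIST_OUTPUT>
"""


def _text(node, path):
    """Text of the first element at path, with wrapped whitespace collapsed."""
    return " ".join((node.findtext(path) or "").split())


def parse_controls(xml_bytes):
    """Return one dict per CONTROL; raise ValueError if the layout is unexpected."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "CONTROL_LIST_OUTPUT":
        raise ValueError(f"unexpected root element: {root.tag}")
    controls = []
    for control in root.iterfind("CONTROL_LIST/CONTROL"):
        tags = tuple(child.tag for child in control)
        if tags != CONTROL_CHILDREN:
            raise ValueError(f"CONTROL children do not match metadata.dtd: {tags}")
        controls.append({
            "cid": int(_text(control, "CID")),
            "name": _text(control, "CONTROL_NAME"),
            "provider": _text(control, "PROVIDER"),
            "service_type": _text(control, "SERVICE_TYPE"),
            "criticality": _text(control, "CRITICALITY"),
            "is_customizable": _text(control, "IS_CUSTOMIZABLE") == "true",
            "remediation_enabled": _text(control, "REMEDIATION_ENABLED") == "true",
            "pass_message": _text(control, "EVALUATION/PASS_MESSAGE"),
            "fail_message": _text(control, "EVALUATION/FAIL_MESSAGE"),
            "policies": [(p.text or "").strip()
                         for p in control.iterfind("POLICY_NAME_LIST/POLICY_NAME")],
        })
    return controls


if __name__ == "__main__":
    for item in parse_controls(SAMPLE_XML):
        print(item["cid"], item["criticality"], item["name"])
```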
GCP Connector


We support the following operations for GCP Connector.

Get list of connectors

Get the details of a connector

Create a new connector

Run the provided connector

Update the existing connector

Enable Connector (GCP)

Disable Connector (GCP)

Delete the provided connectors


GCP Evaluations


We support the following control evaluations for GCP resources

Get the stats for specified control id and resource id

Get the list of evaluations per account for GCP controls

Get the resources evaluated for the specified GCP account and control id


Get GCP Connectors
/rest/v1/gcp/connectors


[GET]


List all GCP connectors in the user's account.


Input Parameters


Parameter Description

filter Filter the connectors list by providing a query using
Qualys syntax. The following search tokens are
supported.

- name: Name of the connector

- description: Short description of the connector

- state: Connector status. The valid values are
SUCCESS, PENDING, REGIONS_DISCOVERED, ERROR

- connector.uuid: Unique Id assigned to the connector.
For example, 6192ce15-e790-3fe2-a02c-b4bc7/75ecf123

- lastSyncedOn: Date and time when the connector
synced with the cloud provider.

Note: This time should be in UTC time

pageNo (integer) The page to be returned.

pageSize (integer) The number of records per page to be
included in the response.

sort (keyword) Sort the results using a Qualys token.
Sorting is currently enabled with only one sort token:
lastSyncedOn. The allowed values are asc or desc.


Sample - Get list of GCP connectors in user's account


Return the list of all GCP connectors in the user's scope.


API request

curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors?pageNo=0&pageSize=50'


Response

{
  "content": [
    {
      "name": "GCP Connector",
      "connectorId": "57d5b7c1-685a-3da8-ab11-c465c0ee60e6",
      "description": "",
      "provider": "GCP",
      "state": "SUCCESS",
      "totalAssets": 238,
      "lastSyncedOn": "Thu May 20 11:51:41 UTC 2021",
      "nextSyncedOn": "Thu May 20 15:26:27 UTC 2021",
      "remediationEnabled": true,
      "isDisabled": false,
      "projectId": "my-project-XXXXXXXXXX",
      "groups": [
        {
          "name": "SAMPLe Group",
          "uuid": "4659b745-c06d-39ef-8bc1-e6f7f5acee12"
        },
        {
          "name": "GCP Connectors",
          "uuid": "173236f5-5b34-3757-9782-5e9dec1c1709"
        }
      ],
      "pollingFrequency": {
        "hours": 4,
        "minutes": 0
      }
    },
    {
      "name": "GCP Connector 2",
      "connectorId": "e544c21a-2b0d-30be-a7cd-7983c53dcded",
      "description": "",
      "provider": "GCP",
      "state": "SUCCESS",
      "totalAssets": 146,
      "lastSyncedOn": "Thu May 20 11:51:36 UTC 2021",
      "nextSyncedOn": "Thu May 20 14:58:36 UTC 2021",
      "remediationEnabled": true,
      "isDisabled": false,
      "projectId": "my-project-XXXXXXXXXX"
    }
  ],
  "pageable": {
    "sort": {
      "unsorted": true,
      "sorted": false
    },
    "pageSize": 50,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "totalElements": 2,
  "last": true,
  "totalPages": 1,
  "first": true,
  "sort": {
    "unsorted": true,
    "sorted": false
  },
  "numberOfElements": 2,
  "size": 50,
  "number": 0
}


Sample - Filter the list of GCP connectors in success state and sort in
descending order with lastSyncedOn


API request

curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors?filter=state%3DSUCCESS&pageNo=1&pageSize=50&sort=lastSyncedOn%3Adesc'


Response

{
  "content": [
    {
      "name": "Sample GCP Connector",
      "connectorId": "a7c152e6-2417-3bbf-980d-bfe6f5912345",
      "description": "gcp connector",
      "provider": "GCP",
      "state": "SUCCESS",
      "totalAssets": 67,
      "lastSyncedOn": "Thu Nov 26 07:50:27 UTC 2020",
      "nextSyncedOn": "Thu Nov 26 11:50:27 UTC 2020",
      "isDisabled": false,
      "projectId": "project1",
      "groups": [],
      "pollingFrequency": {
        "hours": 4,
        "minutes": 0
      }
    },


  "numberOfElements": 2,
  "size": 50,
  "number": 0
}


Get GCP Connector Details
/rest/v1/gcp/connectors/{connectorId}


[GET] 


View details for a specific GCP connector which is in the user’s scope. 


Input Parameters 


Parameter Description 


connectorId (string) Specify the unique Id associated with
connector in the user's scope.


Sample - Get details of a specific GCP connector in user's account 


API request

curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors/1111a111-1111-11a1-a1a1-1aa1a1111111'


Response

{
  "name": "GCP Connector",
  "connectorId": "1111a111-1111-11a1-a1a1-1aa1a1111111",
  "description": "",
  "provider": "GCP",
  "state": "SUCCESS",
  "totalAssets": 238,
  "lastSyncedOn": "Thu May 20 11:51:41 UTC 2021",
  "nextSyncedOn": "Thu May 20 15:26:27 UTC 2021",
  "remediationEnabled": true,
  "isDisabled": false,
  "projectId": "my-project-XXXXXXXXXXX",
  "groups": [
    {
      "name": "GCP Connectors",
      "uuid": "173236f5-5b34-3757-9782-5e9dec1c1709"
    },
    {
      "name": "Sample Group",
      "uuid": "4659b745-c06d-39ef-8bc1-e6f7f5acee12"
    }
  ],
  "pollingFrequency": {
    "hours": 4,
    "minutes": 0
  }
}


Create GCP Connector 
/rest/v1/gcp/connectors 


[POST] 


Specify the connector details such as name, description, polling frequency,
project ID and upload the configuration (JSON) file and create a new
connector.


Input Parameters


Parameter Description

name Name of the connector

description Description of the connector

configFile Provide the configuration file.

pollingFrequencyInHrs
pollingFrequencyInMinutes Polling frequency for a connector decides the
rate at which the connector should poll the
cloud provider and fetch the data.

- pollingFrequencyInHrs: Specify the time in
hours. The valid range is 1 to 24 hours.

- pollingFrequencyInMinutes: Specify the time in
minutes. The valid range is 0 to 59 minutes.

You can configure frequency from minimum one
hour to maximum 24 hours. We recommend that
you configure frequency of 4 hours or more for
optimal use of your connector. Configuring a
low polling frequency (less than 4 hours) can
affect the performance of the connector and
may result in AWS API throttling error.

Note: Configuration of connector polling
frequency is enabled only for Cloud Security
Assessment (CSA) users. For all other users, the
default connector polling frequency is pre-configured
and even if you update the
connector polling frequency, the change in
frequency will not reflect. For Cloud Inventory
(CI) users, the pre-configured frequency is 24
hours. For the trial period, the pre-configured
frequency is 4 hours.

projectId Provide the project Id for the GCP connector
you want to create.

remediationEnabled: {true, false} (boolean). A flag to enable or disable
remediation for the connector. To enable
remediation, the remediationEnabled flag needs
to be set to true. This flag is optional. By default,
this flag is configured to false. If remediation is
enabled on a connector, the response includes
"remediationEnabled": true. If you do not set the
flag, the existing remediation status of the
connector is displayed in the response.

Note: The remediation feature is available only
to Cloud Security Assessment (CSA) subscribers
and is enabled by default.


Sample - Create a new GCP Connector 


API request

curl -k -X POST -u <username>:<password> \
-H "Content-Type: multipart/form-data" \
-F "configFile=@sample project-208707-56baacf5cc17.json;type=application/json" \
-F "description=sample description" -F "name=Sample GCP Connector" \
-F "pollingFrequencyInHrs=10" -F "pollingFrequencyInMinutes=15" \
-F "projectId=sample project-208707" -H "remediationEnabled=true" \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors'


Note: Upload the configuration file required for GCP connector creation.


Response

{
  "name": "Sample GCP Connector",
  "connectorId": "fde424cb-5b3c-3ccd-b024-b40613cf1e51",
  "description": "sample description",
  "provider": "GCP",
  "state": "PENDING",
  "totalAssets": 0,
  "lastSyncedOn": "Thu Feb 25 03:43:08 UTC 2021",
  "nextSyncedOn": "Thu Feb 25 13:58:08 UTC 2021",
  "remediationEnabled": true,
  "isDisabled": false,
  "projectId": "sample project-208707",
  "groups": [],
  "pollingFrequency": { "hours": 10, "minutes": 15 }
}


Run Connector (GCP)
/rest/v1/gcp/connectors/run


[POST] 


Specify the connector details and run the specified GCP connector. 


Input Parameters 


Parameter Description 


connectorRunRequest (Array [string]) Specify the unique Id associated 
with connector in the user’s scope. 


Example: 


[ 


"string" 


] 
Sample - Run the specified GCP connector 


API request

curl -k -X POST -u <username>:<password> \
-d "['1111a111-1111-11a1-a1a1-1aa1a1111111']" \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors/run'


Response

No Content
Response Code: 204


Update Connector (GCP)
/rest/v1/gcp/connectors/{connectorId}
[PUT] 


Specify the connector ID and the details to be updated to update details of 
the specified connector. 


Input Parameters 


Parameter Description 


connectorId (integer) Specify the unique Id associated with
connector in the user's scope.

name Name of the connector

description Description of the connector

remediationEnabled: {true, false} (boolean). A flag to enable or disable
remediation for the connector. To enable remediation, the
remediationEnabled flag needs to be set to true.
This flag is optional. By default, this flag is
configured to false. If remediation is enabled on a
connector, the response includes
"remediationEnabled": true. If you do not set the
flag, the existing remediation status of the
connector is displayed in the response.

Note: The remediation feature is available only to
Cloud Security Assessment (CSA) subscribers and
is enabled by default.

configFile Provide the configuration file.


Sample - Update the GCP connector 


You can update either one or multiple elements of the GCP connector.


API request

curl -k -X PUT -u <username>:<password> -F "name=Change name GCP" \
-F "pollingFrequencyInHrs=4" -F "pollingFrequencyInMinutes=0" \
-H "remediationEnabled=true" \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors/1f325070-5152-11e9-8cf3-e3dcac181204'


Response

{
  "name": "Change name GCP",
  "description": "Test description",
  "state": "PENDING",
  "totalAssets": 0,
  "projectId": "my-project-1111111111111",
  "provider": "GCP",
  "remediationEnabled": true,
  "connectorId": "1f325070-5152-11e9-8cf3-e3dcac181204",
  "lastSyncedOn": "Fri Apr 1 10:33:08 UTC 2020",
  "pollingFrequency": {
    "hours": 4,
    "minutes": 0
  },
  "nextSyncedOn": "Fri Apr 1 14:33:08 UTC 2020"
}


Enable Connector (GCP)
/rest/v1/gcp/connectors/connectors/enable


[PATCH] 


We give you the flexibility to enable or disable a connector. By default, all 
connectors you create are in enabled state. When you disable a connector, it 
is not eligible for auto-run or manual run. You can enable a disabled 
connector to make it eligible for auto-run or manual run. You can view 
connector details, update or delete a disabled connector. 


Note: If a combination of connectors (enabled/disabled) or only disabled
connectors are run using the Run API request call, the response is always
acknowledged: true. The Run connector API always skips disabled connectors
for all clouds.


Input Parameters


Parameter Description

connectorId (integer) Specify the unique Id associated with
connector in the user's scope to be enabled.


Sample - Enable GCP Connector


Let us consider an example to enable a GCP connector.


API request

curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors/connectors/enable' \
-d "[ \"359dba68-8559-30f4-88d5-d4720647a23f\"]"


Response

{
  "acknowledged": true
}


Disable Connector (GCP)
/rest/v1/aws/connectors/connectors/disable


[PATCH] 


We give you the flexibility to enable or disable a connector. By default, all
connectors you create are in the enabled state. When you disable a connector,
it is not eligible for auto-run or manual run. You can enable a disabled
connector to make it eligible for auto-run or manual run. You can view the
details of, update, or delete a disabled connector.


Note: If a Run API request covers a combination of enabled and disabled
connectors, or only disabled connectors, the response is always
acknowledged: true. The Run connector API always skips disabled connectors,
for all clouds.


Input Parameters 


Parameter Description 


connectorId (integer) Specify the unique Id associated with the
connector in the user’s scope to be disabled.


Sample - Disable GCP Connector 


Let us consider an example to disable a GCP connector.


API request 


curl -k -X POST -u <username>:<password> \
"https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors/connectors/disable" \
-d "[ \"359dba68-8559-30f4-88d5-d4720647a23f\"]"


Response
{
  "acknowledged": true
}
Delete Connector (GCP)
/rest/v1/gcp/connectors 


[DELETE] 


Delete the specified connector which is in the user’s scope. 


Input Parameters 


Parameter Description 


connectorId (Array [string]) Specify the unique Id associated
with the connector in the user’s scope.


Sample - Delete specific GCP connectors in the user's account


API request 


curl -k -X DELETE -u <username>:<password> \
-d '["1d767489-da0c-4948-a285-bf2c708c0585"]' \
"https://<QualysURL>/cloudview-api/rest/v1/gcp/connectors"


Response 


No Content 
Response Code: 204 
GCP Evaluations


Get the stats for specified control id and resource id 


/rest/v1/gcp/evaluations/stats/{controlId}/{connectorId}?resourceId={resourceId}


[GET]
Specify the control ID, resource ID, and connector ID to get the
statistics for the specified control and resource.


Note: By default, the response includes the data for last 24 hours. 


Input Parameters 


Parameter Description 


controlId (string) Specify the control ID of the control for which
the evaluated resources need to be fetched.


resourceId (string) Specify the unique ID of the resource being
evaluated.


connectorId (string) Specify the unique Id associated with the
connector in the user’s scope.


Sample - Get list of connectors in user's account 


Return the list of all connectors in the user’s scope. 


API request 


curl -k -X GET -u <username>:<password> -H 'Accept: application/json' \
"https://<QualysURL>/cloudview-api/rest/v1/gcp/evaluations/stats/52054/059162b7-f7ae-39d4-9c99-23ed9ec12345?resourceId=projects%2Fmy-project%2Flocations%2Fus-central1%2Ffunctions%2Fcloud-test"


Response 
{
  "firstEvaluated": "2021-03-08T23:01:10+0000",
  "lastEvaluated": "2021-03-22T12:07:05+0000",
  "dateReopen": "2021-03-25T08:57:17+0000",
  "dateFixed": "2021-03-25T08:51:45+0000"
}
Get the list of evaluations per project for GCP controls


/rest/v1/gcp/evaluations/{projectId}


[GET] 


Specify the project ID and filter details to get the list of
evaluations for GCP controls.


Input Parameters 


Parameter Description


projectId (string) Specify the unique project associated with
your Google Cloud Platform subscription.


filter Filter the resources list by providing a query using
Qualys syntax.


If you do not add a date filter, by default the data for
last 24 hours is included in the response. If you need
data for a specific date or date range, form your filter
query using the evaluatedOn token.


Examples:


Show resources discovered within certain dates
evaluatedOn: [2019-01-01 ... 2019-03-01]


Show resources updated starting 2019-01-01, ending 1
month ago
evaluatedOn: [2019-01-01 ... now-1m]


Show resources updated starting 2 weeks ago, ending
1 second ago
evaluatedOn: [now-2w ... now-1s]


Show resources discovered on specific date
evaluatedOn: 2019-01-08


Sample - Get all or filter the evaluations for your account 
API request


curl -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/evaluations/my-project-1111111111111'


Response 


{
  "content": [
    {
      "controlName": "Ensure that there are only GCP-managed service account keys for each service account",
      "policyName": "CIS Google Cloud Platform Foundation Benchmark",
Kiel EE E OR GRES R HR SIR 
      "service": "IAM",
EH 2 “FALL”; 
eren sep". 15200157 
      "passedResources": 13,
      "failedResources": 25,
      "passWithExceptionResources": 1
    }
  ],
  "pageable": {
    "sort": {
      "sorted": false,
      "unsorted": true
    },
    "pageSize": 100,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "totalElements": 18,
  "last": true,
  "totalPages": 1,
  "first": true,
  "sort": {
    "sorted": false,
    "unsorted": true
  },
  "numberOfElements": 18,
  "size": 100,
  "number": 0
}
Get the resources evaluated for the specified GCP project and control id
/rest/v1/gcp/evaluations/{projectId}/resources/{controlId}


[GET] 


Specify the project Id and control Id, and define your filter criteria,
to get the list of resources that were evaluated.


Input Parameters
These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND.


Parameter Description 


projectId (string) Specify the project Id of a specific account in
the user’s scope.


controlId (string) Specify the control ID of the control for which
the evaluated resources need to be fetched.


filter Filter the resources list by providing a query using
Qualys syntax.


If you do not add a date filter, by default the data for
last 24 hours is included in the response. If you need
data for a specific date or date range, form your filter
query using the evaluatedOn token.


Examples:


Show resources discovered within certain dates
evaluatedOn: [2019-01-01 ... 2019-03-01]


Show resources updated starting 2019-01-01, ending 1
month ago
evaluatedOn: [2019-01-01 ... now-1m]


Show resources updated starting 2 weeks ago, ending
1 second ago
evaluatedOn: [now-2w ... now-1s]


Show resources discovered on specific date
evaluatedOn: 2019-01-08


pageNo (integer) The page to be returned.


pageSize (integer) The number of records per page to be
included in the response.


Sample - Get the resources evaluated for the specified GCP account and control id 


API request 


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/gcp/evaluations/my-project-1111111111111/resources/50027?pageNo=0&pageSize=50'


Response 
{
  "content": [
    {
      "resourceId": "my-project-1111111111111",
      "region": "-",
      "projectId": "my-project-1111111111111",
      "evaluatedOn": "2020-12-15T09:15:10+0000",
      "evidences": [
        {
          "settingName": "Enable oslogin",
          "actualValue": "False"
        }
      ],
      "resourceType": "PROJECT COMPUTE",
      "result": "PASS WITH EXCEPTION"
    }
  ],
  "pageable": {
    "sort": {
      "unsorted": true,
      "sorted": false
    },
    "pageSize": 50,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "last": true,
  "totalPages": 1,
  "totalElements": 1,
  "first": true,
  "sort": {
    "unsorted": true,
    "sorted": false
  },
  "numberOfElements": 1,
  "size": 50,
  "number": 0
}
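
The filter, pageNo and pageSize parameters described above, as an added Python example (not Qualys code): it percent-encodes the project ID, control ID and evaluatedOn filter, keeps TLS certificate verification on, and requests pages until "last" is true. The host qualys.example.test, the function names and SAMPLE_PAGES are constructed for illustration; the field names are those shown in the sample response.

```python
import base64
import json
import ssl
import urllib.request
from urllib.parse import parse_qs, quote, urlencode, urlsplit

API_PREFIX = "/cloudview-api/rest/v1/gcp/evaluations"


def build_resources_url(base_url, project_id, control_id,
                        filter_query=None, page_no=0, page_size=50):
    """URL for the evaluated-resources call, with every dynamic part encoded."""
    path = "{}/{}/resources/{}".format(
        API_PREFIX, quote(str(project_id), safe=""), quote(str(control_id), safe=""))
    params = []
    if filter_query:
        # Filters such as "evaluatedOn: [now-2w ... now-1s]" contain spaces,
        # a colon and brackets, none of which may appear raw in a query string.
        params.append(("filter", filter_query))
    params += [("pageNo", page_no), ("pageSize", page_size)]
    return base_url.rstrip("/") + path + "?" + urlencode(params, quote_via=quote)


def make_fetcher(username, password):
    """Return fetch(url) -> dict using Basic auth over certificate-verified TLS."""
    token = base64.b64encode("{}:{}".format(username, password).encode()).decode()
    context = ssl.create_default_context()  # verification stays on (no curl -k)

    def fetch(url):
        request = urllib.request.Request(url, headers={
            "Authorization": "Basic " + token,
            "Accept": "application/json",
        })
        with urllib.request.urlopen(request, context=context, timeout=30) as resp:
            return json.load(resp)

    return fetch


def iter_evaluated_resources(fetch, base_url, project_id, control_id,
                             filter_query=None, page_size=50, max_pages=1000):
    """Yield each "content" item, requesting pages until "last" is true."""
    for page_no in range(max_pages):
        page = fetch(build_resources_url(base_url, project_id, control_id,
                                         filter_query, page_no, page_size))
        content = page.get("content") or []
        yield from content
        # Stop on the "last" flag; an empty page also ends the walk so that a
        # response without the flag cannot cause an endless loop.
        if page.get("last", False) or not content:
            return
    raise RuntimeError("max_pages reached before the API reported last=true")


def evidence_rows(resources):
    """Flatten resources into (resourceId, settingName, actualValue) tuples."""
    return [(r.get("resourceId"), e.get("settingName"), e.get("actualValue"))
            for r in resources for e in r.get("evidences") or []]


# Constructed two-page response in the shape of the sample above (not real data).
SAMPLE_PAGES = [
    {"content": [{"resourceId": "my-project-1111111111111", "region": "-",
                  "evidences": [{"settingName": "Enable oslogin",
                                 "actualValue": "False"}]}],
     "last": False, "totalPages": 2},
    {"content": [{"resourceId": "my-project-2222222222222", "region": "-",
                  "evidences": []}],
     "last": True, "totalPages": 2},
]


def sample_fetch(url):
    """Offline stand-in for make_fetcher(): serves SAMPLE_PAGES by pageNo."""
    page_no = int(parse_qs(urlsplit(url).query)["pageNo"][0])
    return SAMPLE_PAGES[page_no]


if __name__ == "__main__":
    rows = evidence_rows(iter_evaluated_resources(
        sample_fetch, "https://qualys.example.test", "my-project-1111111111111",
        50027, "evaluatedOn: [now-2w ... now-1s]", page_size=1))
    for row in rows:
        print(row)
```

Against a live account, pass make_fetcher(username, password) in place of sample_fetch and read the credentials from a secret store rather than the command line.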
Remediation


Get List of Remediation Activities 


/rest/v1/remediation/activity 


[GET] 


Remediation allows you to select the resources you want to remediate and
trigger remediation activities. All the remediation activities that you trigger
from the CloudView UI can be fetched. By default, the remediation activity logs
are retained for 30 days. Logs older than 30 days are automatically deleted.


Input Parameters 


Parameter Description


CloudType Specify the cloud provider for which you want to fetch
all the supported policies. You could mention AWS,
AZURE, or GCP.


filter Filter the remediation activities list by providing a query
using Qualys syntax. The supported search tokens
are listed in the "Search for Remediation Activity"
topic of the CloudView Online Help.


pageNo (integer) The page to be returned.


pageSize (integer) The number of records per page to be
included in the response.


Sample - Get the list of remediation activities 


Let us fetch the activities for AWS cloud provider. 


API request 
curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/remediation/activity?cloudType=AWS&pageNo=0&pageSize=50'


Response 
{
  "content": [
    {
      "resourceId": "i-0f9ffOee7/787ec1554",
      "cloudType": "AWS",
      "accountId": "XXXXXXXXXXXX",
      "region": "N. Virginia",
      "status": "Success",
      "resourceType": "Instance",
      "remediationAction": "Stop Instance",
      "connectorName": "CLV-AWS-Connector-Remediation-116",
      "triggeredOn": "2021-05-21T11:01:05.990+00:00",
EE En oa 
      "triggeredBy": "John Doe",
      "remediationReason": "Sample comment"
    },
    {
      "resourceId": "cloudformation-poc-pc",
      "controlId": 60,
      "cloudType": "AWS",
      "accountId": "XXXXXXXXXXXX",
      "region": "Oregon",
      "status": "Success",
      "resourceType": "S3 Bucket",
      "remediationAction": "Control Remediation",
      "connectorName": "CLV-AWS-Connector-Remediation-116",
      "policyNames": [
        "CIS Amazon Web Services Foundations Benchmark",
        "CloudView-AWS-Test-Policy"
      ],
      "controlName": "Ensure that \"Block public and cross-account access\" if bucket has public policies for bucket is set to true",
      "triggeredOn": "2021-05-19T18:20:48.885+00:00",


“EPROPS NN" 
      "triggeredBy": "John Doe",
      "remediationReason": "sample comment"
    }
  ],
  "pageable": {
    "sort": {
      "unsorted": true,
      "sorted": false
    },
    "pageSize": 50,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "last": true,
  "totalPages": 1,
  "totalElements": 2,
  "first": true,
  "sort": {
    "unsorted": true,
    "sorted": false
  },
  "numberOfElements": 2,
  "size": 50,
  "number": 0
}
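
Because activity logs older than 30 days are deleted, the following added Python example (not part of the CloudView documentation) archives fetched activity records as JSON Lines, reports which records are close to the retention limit, and counts actions per user. The function names and SAMPLE_ACTIVITIES are constructed; the field names are those shown in the sample response above.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 30  # default retention stated in the text above


def activity_key(record):
    """Identity of one activity; the sample response shows no unique id field."""
    return (record.get("resourceId"), record.get("remediationAction"),
            record.get("triggeredOn"))


def purge_time(record, retention_days=RETENTION_DAYS):
    """Moment at which the retention window for this record ends."""
    triggered = datetime.fromisoformat(record["triggeredOn"])
    return triggered + timedelta(days=retention_days)


def expiring_within(records, now, days):
    """Records whose retention window ends within `days` of `now` (tz-aware)."""
    limit = now + timedelta(days=days)
    return [r for r in records if purge_time(r) <= limit]


def new_archive_lines(records, archived_lines):
    """JSON Lines for the records that are not yet in the local archive."""
    seen = {activity_key(json.loads(line))
            for line in archived_lines if line.strip()}
    fresh = []
    for record in records:
        key = activity_key(record)
        if key not in seen:
            seen.add(key)
            fresh.append(json.dumps(record, sort_keys=True))
    return fresh


def actions_by_user(records):
    """Count (triggeredBy, remediationAction, status) for change review."""
    return Counter((r.get("triggeredBy"), r.get("remediationAction"),
                    r.get("status")) for r in records)


# Constructed records in the shape of the "content" array above (not real data).
SAMPLE_ACTIVITIES = [
    {"resourceId": "i-00000000000000001", "cloudType": "AWS",
     "status": "Success", "resourceType": "Instance",
     "remediationAction": "Stop Instance",
     "triggeredOn": "2021-05-21T11:01:05.990+00:00", "triggeredBy": "John Doe"},
    {"resourceId": "constructed-bucket", "controlId": 60, "cloudType": "AWS",
     "status": "Success", "resourceType": "S3 Bucket",
     "remediationAction": "Control Remediation",
     "triggeredOn": "2021-05-19T18:20:48.885+00:00", "triggeredBy": "John Doe"},
]


if __name__ == "__main__":
    now = datetime(2021, 6, 15, tzinfo=timezone.utc)  # constructed "today"
    for line in new_archive_lines(SAMPLE_ACTIVITIES, archived_lines=[]):
        print(line)
    for record in expiring_within(SAMPLE_ACTIVITIES, now, days=4):
        print("expires soon:", record["resourceId"], purge_time(record).isoformat())
    print(actions_by_user(SAMPLE_ACTIVITIES))
```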


Reports 




You can now generate mandate-based and policy-based reports to get the
complete picture of the compliance posture of your cloud provider account. We
support report generation of policies and mandates for all the cloud
providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud
Platform (GCP).


Get Data for Specific Report 


Get List of All Supported Mandates 


Get List of All Supported Policies 
Get Report Configurations 


Get Report Details 


Create a Report 
Update a Report 


Delete Reports 
Get Data for Specific Report
/rest/v1/reports/report_data/{reportId}


[GET] 


Specify the report ID and you can then get the complete report. 


Input Parameters 


Parameter Description 


reportId Unique identifier associated with every report.


Sample - Get the complete data of specified report 


API request 


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/reports/01164660-cfc7-11ea-a573-4395559d998e'


Response 
{
  "mandate": {
    "id": 2481,
    "name": "Cloud Controls Matrix (CCM)",
    "publisher": "Cloud Security Alliance (CSA)",
    "version": "Ver 3.0.1",
    "releaseDate": "2016-10-05T00:00:00.000+0000",
    "lastModified": "2018-05-28T11:20:10.000+0000"
  },
  "requirements": [
    {
      "document": {
        "id": 5443,
        "complianceDocumentId": 2481,
"Section * ALS, 
        "comments": "Application & Interface Security",
        "lastModified": "2016-12-21T15:22:45.000+0000"
      }
    }
  ],
  "summary": {
    "mandatesCount": 1,
    "requirementsCount": 16,
    "mandateName": "Cloud Controls Matrix (CCM)",
    "mandatePassPercent": 15.07,
    "accounts": [
      {
        "name": "GCP123",
        "id": "100d7969-371b-308f-a08d-b3442170e378",
        "accountId": "my-project-1513669048551",
        "cloudType": "GCP"
      },
      {
        "name": "connector 2",
        "id": "3d96ec1d-1624-3cc1-abc6-dc41d898e532",
        "accountId": "gcp-qualys-demo",
        "cloudType": "GCP"
      }
    ],
    "controlsCount": 8,
    "totalEvaluationsCount": 292,
    "policiesCount": 1,
    "groups": [
      {
        "groupUuid": "62edaf7d-4530-324c-be52-372a7acee33e",
        "groupName": "sample-azure-grp-1"
      }
    ],
    "cloudType": "GCP"
Get List of All Supported Mandates
/rest/v1/reports/mandates 


[GET] 


We support 24 mandates and you can fetch the list of all the supported 
mandates. 


Sample - Get the list of all supported mandates 


API request 


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/reports/mandates'


Response 


[
  {
Mid 4202
    "name": "Cybersecurity Maturity Model Certification (CMMC) Maturity Level 2 (ML2)"
  },
  {
    "id": 4283,
    "name": "Cybersecurity Maturity Model Certification (CMMC) Maturity Level 3 (ML3)"
  },
  {
vigta en
    "name": "Cybersecurity Maturity Model Certification (CMMC) Maturity Level 4 (ML4)"
  },
  {
eighe 4295,
    "name": "Cybersecurity Maturity Model Certification (CMMC) Maturity Level 5 (ML5)"
  },
  {
e HE
    "name": "Payment Card Industry Data Security Standard (PCI-DSS)"
  },
  {
    "id": 3561,
    "name": "NIST Cyber Security Framework (CSF)"
  },
  {
Wid ensen
    "name": "Criminal Justice Information Services (CJIS) Security Policy"
  },
  {
    "id": 2481,
    "name": "Cloud Controls Matrix (CCM)"
  },
  {
siots AAL
    "name": "IRS Publication 1075"
  },
  {
    "id": 3381,
    "name": "Minimum Acceptable Risk Standards for Exchanges (MARS-E)"
  },
  {
    "id": 4061,
    "name": "Monetary Authority of Singapore (MAS) - Notice 834: Cyber Hygiene Practices"
  },
  {
cide = 1281
    "name": "Cybersecurity Maturity Model Certification (CMMC) - Maturity Level 1 (ML1)"
  },
  {
“ide 2801
    "name": "APRA Prudential Practice Guide (PPG): CPG 234 - Management of Security Risk in Information and Information Technology"
  },
  {
e GT
    "name": "Health Insurance Portability and Accountability (HIPAA) Security Rule 45 CFR Parts 160/164, Subparts A/C:1996"
  },
  {
cn
    "name": "The Australian Signals Directorate - The Essential 8 Strategies (ASD 8)"
  },
  {
    "id": 2501,
    "name": "NERC Critical Infrastructure Protection (CIP)"
  },
  {
Be Hab
    "name": "ANSSI 40 Essential Measures for a Healthy Network"
  },
  {
“id: t501
    "name": "SWIFT Customer Security Controls Framework - Customer Security Programme"
  },
  {
E
    "name": "Reserve Bank of India (RBI) - Baseline Cyber Security and Resilience Requirements (Annex 1)"
  },
  {
    "id": 3401,
    "name": "NCSC Basic Cyber Security Controls (BCSC)"
  },
  {
Wide 2443
    "name": "ISO/IEC 27001:2013"
  },
  {
Wide
    "name": "NESA UAE Information Assurance Standards (IAS)"
  },
  {
ide 2761
    "name": "NIST 800-171 (Special Publication)"
  },
  {
    "id": 3861,
    "name": "Sarbanes-Oxley Act: IT Security"
  },
  {
nice GI
    "name": "CIS Controls"
  },
  {
pida: 28037
    "name": "General Data Protection Regulation (GDPR)"
  },
  {
    "id": 2605,
    "name": "Federal Risk and Authorization Management Program (FedRAMP M) - Moderate Security Baseline"
  },
  {
    "id": 2604,
    "name": "Federal Risk and Authorization Management Program (FedRAMP H) - High Security Baseline"
  },
  {
“id 2802;
    "name": "IRDAI Guidelines On Information and Cyber Security for Insurers"
  }
]
Response Code: 200
Get List of All Supported Policies
/rest/v1/reports/policies 


[GET] 


You can fetch the list of all the supported policies in your account. 


Input Parameters 


Parameter Description 


CloudType Specify the cloud provider for which you want to fetch
all the supported policies. You could mention AWS,
AZURE, or GCP.


Sample - Get the list of all the supported policies for Azure 


API request 
curl -k -X GET -u <username>:<password> \
"https://<QualysURL>/cloudview-api/rest/v1/reports/policies?cloudType=AZURE"


Response 


[
  {
    "id": "df3597f0-9e29-11e9-bdf0-23c5141152bc",
    "title": "CIS Microsoft Azure Foundations Benchmark",
    "cloudType": "AZURE"
  },
  {
    "id": "f9e43730-aedd-11ea-a4bd-5b1aa4c88a83",
    "title": "Azure Database Service Best Practices Policy",
    "cloudType": "AZURE"
  },
  {
    "id": "44441240-3b6c-11ea-93a5-4d1356013529",
    "title": "Azure Function App Best Practices Policy",
    "cloudType": "AZURE"
  },
  {
    "id": "e6d7e9d0-d476-11e9-bdc5-2f0d82086ccb",
    "title": "Azure Best Practices Policy",
    "cloudType": "AZURE"
  },
  {
    "id": "e48922a0-ca6d-11ea-992e-a7c52eacc973",
    "title": "Policy",
    "cloudType": "AZURE"
  }
]
Response Code: 200
Get Report Configurations
/rest/v1/reports 


[GET] 


You can fetch the list of all report configurations.


Input Parameters 


Parameter Description 
pageNo (integer) The page to be returned.
pageSize (integer) The number of records per page to be
included in the response.


Sample - Get the list of report configurations 


API request 


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/reports?pageNo=0&pageSize=3'


Response 


{
  "content": [
    {
      "reportId": "84685b50-4d43-11e9-9496-d5e5ac80c6e2",
      "title": "Mandate Report",
      "type": "MANDATE",
      "format": "ON SCREEN",
      "accounts": [
        {
          "name": "User john",
          "id": "5a4f0630-39ab-11e9-a7c7-6f7103922bbf",
accoumecee AUS 

          "cloudType": "AWS"
        }
      ]
    }
  ],
  "pageable": {
    "sort": {
      "sorted": false,
      "unsorted": true
    },
    "pageSize": 6,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "last": false,
  "totalPages": 2,


"totalElements": 
  "first": true,
  "sort": {
    "sorted": false,
    "unsorted": true
  },


al, 


  "numberOfElements": 6,
  "size": 6,
  "number": 0
}
Get Report Details
/rest/v1/reports/{reportId}


[GET] 


Specify the report ID and then you can get the details of the specified report. 


Input Parameters 


Parameter Description 


reportId Unique identifier associated with every report.


Sample - Get the details of specified report configuration 


API request 


curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/reports/01164660-cfc7-11ea-a573-4395559d998e'


Response 
{
  "mandate": {
    "id": 2481,
    "name": "Cloud Controls Matrix (CCM)",
    "publisher": "Cloud Security Alliance (CSA)",
    "version": "Ver 3.0.1",
    "releaseDate": "2016-10-05T00:00:00.000+0000",
    "lastModified": "2018-05-28T11:20:10.000+0000"
  },
  "requirements": [
    {
      "document": {
        "id": 5443,
        "complianceDocumentId": 2481,

SECTION ATSH, 

        "comments": "Application & Interface Security",
        "lastModified": "2016-12-21T15:22:45.000+0000"
      }
    }
  ],
  "summary": {
    "mandatesCount": 1,
    "requirementsCount": 16,
    "mandateName": "Cloud Controls Matrix (CCM)",
    "mandatePassPercent": 15.07,
    "accounts": [
      {
        "name": "GCP123",
        "id": "100d7969-371b-308f-a08d-b3442170e378",
        "accountId": "my-project-1513669048551",
        "cloudType": "GCP"
      },
      {
        "name": "connector 2",
        "id": "3d96ec1d-1624-3cc1-abc6-dc41d898e532",
        "accountId": "gcp-qualys-demo",
        "cloudType": "GCP"
      }
    ],
    "controlsCount": 8,
    "totalEvaluationsCount": 292,
    "policiesCount": 1,
    "groups": [
      {
        "groupUuid": "62edaf7d-4530-324c-be52-372a7acee33e",
        "groupName": "chloe-azure-grp-1"
      }
    ],
    "cloudType": "GCP"
Create a Report
/rest/v1/reports


[POST]


To generate a new report, you need to provide information such as the cloud
provider for which you want to generate the report and a few other
details such as name, description, format, mandate ID and so on.


Input Parameters 


Parameter Description 


configurationBody You need to provide the required details in the
configurationBody parameter. The syntax is given below:


Syntax:


{
  "cloudType": "string",
  "connectorIds": [
    "string"
  ],
  "description": "string",
  "format": "string",
  "groupIds": [
    "string"
  ],
  "mandateId": "string",
  "policies": [
    {
      "cloudType": "string",
      "policyId": "string"
    }
  ],
  "title": "string",
  "type": "string"
}


where, 
cloudType: the cloud provider (AWS, Azure, or GCP)
connectorIds: connector Id
description: description of the report
format: the report format (only On-Screen format supported)
groupIds: unique Id of the (connector) group
mandateId: unique Id associated with the mandate.
cloudType: the cloud provider (AWS, Azure, or GCP)
policyId: unique ID associated with the policy.
title: name of the report
type: indicates if it is a policy report or a mandate report.


Sample - Create a new report 


API request 


curl -X POST -u <username>:<password> --header 'Content-Type: application/json' \
-d '{
  "cloudType": "GCP",
  "connectorIds": [
    "100d7969-371b-308f-a08d-b3442170e378",
    "3d96ec1d-1624-3cc1-abc6-dc41d898e532"
  ],
  "description": "sample description",
  "format": "ON SCREEN",
  "groupIds": [
    "62edaf7d-4530-324c-be52-372a7acee33e"
  ],
  "mandateId": "2481",
  "policies": [
    {
      "cloudType": "GCP",
      "policyId": "10ffb910-3b6d-11ea-93a5-4d1356013529"
    }
  ],
  "title": "gcppublicapi",
  "type": "MANDATE"
}' 'https://<QualysURL>/cloudview-api/rest/v1/reports'


Response 


{
  "title": "gcppublicapi",
  "type": "MANDATE",
  "format": "ON SCREEN",
  "accounts": [
    {
      "name": "GCP123",
      "id": "100d7969-371b-308f-a08d-b3442170e378",
      "accountId": "my-project-XXXXXXXXXXXXX",
      "cloudType": "GCP"
    },
    {
      "name": "connector 2",
      "id": "3d96ec1d-1624-3cc1-abc6-dc41d898e532",
      "accountId": "Demo GCP",
      "cloudType": "GCP"
    }
  ],
  "description": "string",
  "policies": [
    {
      "policyId": "10ffb910-3b6d-11ea-93a5-4d1356013529",
      "cloudType": "GCP"
    }
  ],
  "mandateId": "2481",
  "createdOn": "2020-07-27T05:07:01+0000",
  "cloudType": "GCP",
  "groupIds": [
    "62edaf7d-4530-324c-be52-372a7acee33e"
  ],
  "reportId": "01164660-cfc7-11ea-a573-4395559d998e"
}
Update a Report
/rest/v1/reports/{reportId}


[PATCH] 


You can update a report template to generate a new report. 


Input Parameters 


Parameter Description 


reportId Unique identifier associated with every report.


configurationBody You need to provide the required details in the
configurationBody parameter. The syntax is given below:


Syntax:


{
  "cloudType": "string",
  "connectorIds": [
    "string"
  ],
  "description": "string",
  "format": "string",
  "groupIds": [
    "string"
  ],
  "mandateId": "string",
  "policies": [
    {
      "cloudType": "string",
      "policyId": "string"
    }
  ],
  "title": "string",
  "type": "string"
}


where, 
cloudType: the cloud provider (AWS, Azure, or GCP)
connectorIds: connector Id
description: description of the report
format: the report format (only On-Screen format supported)
groupIds: unique Id of the (connector) group
mandateId: unique Id associated with the mandate.
cloudType: the cloud provider (AWS, Azure, or GCP)
policyId: unique ID associated with the policy.
title: name of the report
type: indicates if it is a policy report or a mandate report.


Sample - Update the configuration of an existing report 


API request 


curl -X PATCH -u <username>:<password> -H 'Content-Type: application/json' \
-d '{
  "cloudType": "GCP",
  "connectorIds": [
    "100d7969-371b-308f-a08d-b3442170e378"
  ],
  "description": "Update Report",
  "format": "ON SCREEN",
  "groupIds": [
    "62edaf7d-4530-324c-be52-372a7acee33e"
  ],
  "mandateId": "2481",
  "policies": [
    {
      "cloudType": "GCP",
      "policyId": "10ffb910-3b6d-11ea-93a5-4d1356013529"
    }
  ],
  "title": "gcppublicapi",
  "type": "MANDATE"
}' 'https://<QualysURL>/cloudview-api/rest/v1/reports/7fb67360-4d40-11e9-a00f-f18386b5a29f'


Response 


{
  "title": "gcppublicapi",
  "type": "MANDATE",
  "format": "ON SCREEN",
  "accounts": [
    {
      "name": "GCP123",
      "id": "100d7969-371b-308f-a08d-b3442170e378",
      "accountId": "my-project-1513669048551",
      "cloudType": "GCP"
    }
  ],
  "description": "string",
  "policies": [
    {
      "policyId": "10ffb910-3b6d-11ea-93a5-4d1356013529",
      "cloudType": "GCP"
    }
  ],
  "mandateId": "2481",
  "createdOn": "2020-07-24T13:54:19+0000",
  "cloudType": "GCP",
  "groupIds": [
    "62edaf7d-4530-324c-be52-372a7acee33e"
  ],
  "reportId": "24c6d800-cdb4-11ea-8fa8-0f89bf5c84F3"
}
Delete Reports
/rest/v1/reports 


[DELETE] 


Specify the ID of the report you want to delete and the report gets deleted. 


Input Parameters 


Parameter Description 


reportId Unique identifier associated with every report.


Sample - Delete the specified report 


API request 


curl -X DELETE -u <username>:<password> \
-d '["9cce6548@-4b36-11e9-be40-e9d6@abc9Fcd"]' \
'https://<QualysURL>/cloudview-api/rest/v1/reports'


Response 


No Content 
Response Code: 204 


Sample - Delete multiple reports 


API request 


curl -X DELETE -u <username>:<password> \
-d '["9cce6540-4b36-11e9-be48-09d69abc9fcd","#fbfd2de0-4af4-11e9-9#d1-1344989d5139"]' \
'https://<QualysURL>/cloudview-api/rest/v1/reports'


Response 


No Content 
Response Code: 204 
Resource Inventory


AWS Resources 


/rest/v1/resource/{resourceType}/AWS 


[GET] 


Fetch all the resources belonging to the specified type in your cloud 
environment and list the same in the response. 


Input Parameters 


Parameter Description


filter Filter the resources by providing a query using Qualys
syntax.


The following search token is supported.
List of tokens supported for AWS resources


pageNo (mandatory) The page to be returned.


pageSize (mandatory) (integer) The number of records per page
to be included in the response.


sort (keyword) Sort the results using a Qualys token.
Sorting is currently enabled with only one sort token:
lastSyncedOn. The allowed values are asc or desc.


updated Use a date range or specific date to define when the
resource was last updated.


Examples:


Show resources updated within certain dates, updated:
[2021-01-01 ... 2021-03-01]


Show resources updated starting 2018-10-01, ending 1
month ago, updated: [2021-01-01 ... now-1m]


Show resources updated starting 2 weeks ago, ending
1 second ago, updated: [now-2w ... now-1s]


Show resources updated on specific date, updated:
2021-01-08


resourceType (mandatory) Select the type of resource you want to
fetch inventory on.


AWS Resource Types: AUTO_SCALING_GROUP,
BUCKET, EBS, EC2_INSTANCE, EKS_CLUSTER,
EKS_FARGATE_PROFILE, EKS_NODEGROUP,
IAM_USER, INTERNET_GATEWAY, LAMBDA,
LOAD_BALANCER, NETWORK_ACL, RDS,
ROUTE_TABLE, SUBNET, VPC,
VPC_SECURITY_GROUP


Sample - Get the list of all AWS resources by type 


API request 


curl -X GET -u <username>:<password> \
"https://<QualysBaseURL>/cloudview-api/rest/v1/resource/BUCKET/AWS?pageNo=0&pageSize=50"


JSON Response 
{
  "content": [
    {
      "accountAlias": "sample-XXXXXXXXXXXX",
      "controlsFailed": 6,
      "bucketName": "aws-cloudtrail-events",
      "resourceId": "aws-cloudtrail-events",
      "connectorUuids": [
        "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
      ],
      "bucketCreationDateStr": "2021-02-23T00:34:11+0000",
      "created": "2022-01-05T11:20:28.200+00:00",
      "cloudAccountId": "XXXXXXXXXXXX",
essGrantlist = || 
        {
          "emailAddress": null,
          "groupUri": null,
          "displayName": null,
          "permission": "FullControl",
          "id": "dcf00289423844232d18c426dc98979a5d581505165de60971d8e1a891a44ef7"
        }
      ],
      "uuid": "aS5ad9d67-4d1f-3ee2-b625-f3b04a237a8F",
      "connectorUuid": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "createdOn": "2022-01-05T11:20:28+0000",
fragst M 
      "remediationEnabled": null,
      "lastUpdated": "2022-01-05T11:20:28+0000",
      "ownerName": "user john",
      "cloudType": "AWS",
      "name": "aws-cloudtrail-events",
"bucketPolicy": 


      "resourceType": "BUCKET"
    }
  ],
  "pageable": {
    "sort": {
      "sorted": false,
      "unsorted": true,
      "empty": true
    },
    "pageNumber": 6,
    "pageSize": 6,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "last": true,
  "totalElements": 6,
  "totalPages": 1,
  "sort": {
    "sorted": false,
    "unsorted": true,
    "empty": true
  },
  "numberOfElements": 6,
  "first": true,
  "size": 6,
  "number": 0,
  "empty": false
}
Azure Resources


/rest/v1/resource/{resourceType}/Azure 


[GET] 


Fetch all the resources belonging to the specified type in your cloud 
environment and list the same in the response. 


Input Parameters 


Parameter Description


filter Filter the resources by providing a query using Qualys
syntax.


The following search token is supported.
List of tokens supported for Microsoft Azure Resources


pageNo (mandatory) The page to be returned.


pageSize (mandatory) (integer) The number of records per page
to be included in the response.


sort (keyword) Sort the results using a Qualys token.
Sorting is currently enabled with only one sort token:
lastSyncedOn. The allowed values are asc or desc.


updated Use a date range or specific date to define when the
resource was last updated.


Examples:


Show resources updated within certain dates, updated:
[2021-01-01 ... 2021-03-01]


Show resources updated starting 2018-10-01, ending 1
month ago, updated: [2021-01-01 ... now-1m]


Show resources updated starting 2 weeks ago, ending
1 second ago, updated: [now-2w ... now-1s]


Show resources updated on specific date, updated:
2021-01-08


resourceType (mandatory) Select the type of resource you want to
fetch inventory on.


Azure Resource Types: FUNCTION_APP,
NETWORK_SECURITY_GROUP, RESOURCE_GROUP,
SQL_SERVER, SQL_SERVER_DATABASE,
VIRTUAL_MACHINE, VIRTUAL_NETWORK, WEB_APP


Sample - Get the list of all Azure resources by type 


API request 

curl -X GET -u <username>:<password> \
"https://<QualysBaseURL>/cloudview-api/rest/v1/resource/VIRTUAL_MACHINE/Azure?filter=subscriptionName%3A%22samplesubscription%22&pageNo=0&pageSize=50"


JSON Response 
{
  "content": [
    {
      "controlsFailed": 2,
      "resourceId": "7de97440-93c5-4ced-9ef9-a3258d2c27da",
      "imageData": [
        {
          "offer": "0001-com-ubuntu-server-focal",
          "publisher": "canonical",
els muil, 
          "sku": "20_04-lts-gen2",
          "version": "latest"
        }
      ],
      "type": "Microsoft.Compute/virtualMachines",
      "uuid": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "remediationEnabled": null,
      "licenseType": null,
      "computerName": "Sample-vm-6",
      "cloudType": "AZURE",
      "customerId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "osType": "Linux",
      "customers": [
        "b28e6859-9a15-fb81-833b-d20e458F7F7F"
      ],
      "networkSecurityGroupId": "Sample-vm-6-nsg",
      "connectorUuids": [
        "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
      ]
    }
  ],
  "pageable": {
    "sort": {
      "sorted": false,
      "unsorted": true,
      "empty": true
    },
    "pageNumber": 9,
    "pageSize": 5,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "last": true,
  "totalElements": 5,
  "totalPages": 1,
  "sort": {
    "sorted": false,
    "unsorted": true,
    "empty": true
  },
  "numberOfElements": 5,
  "first": true,
  "size": 5,
  "number": 0,
  "empty": false
}
GCP Resources


/rest/v1/resource/{resourceType}/GCP


[GET] 


Fetch all the resources belonging to the specified type in your cloud 
environment and list the same in the response. 


Input Parameters 


Parameter Description 


filter Filter the resources by providing a query using Qualys syntax. 
The following search token is supported. 


List of tokens supported for GCP Resources 


pageNo (mandatory) The page to be returned. 


pageSize (mandatory) (integer) The number of records per page to be 
included in the response. 


sort (keyword) Sort the results using a Qualys token. Sorting is 
currently enabled with only one sort token: lastSyncedOn. The 
allowed values are asc or desc. 


updated Use a date range or specific date to define when the resource was 
last updated. 


Examples: 


Show resources updated within certain dates, updated: 
[2021-01-01 ... 2021-03-01] 


Show resources updated starting 2018-10-01, ending 1 
month ago, updated: [2021-01-01 … now-1m] 


Show resources updated starting 2 weeks ago, ending 
1 second ago, updated: [now-2w ... now-1s] 


Show resources updated on specific date, updated: 
2021-01-08 


resourceType (mandatory) Select the type of resource you want to 
fetch inventory on. 


GCP Resource Types: CLOUD_FUNCTION, 
FIREWALL_RULES, NETWORK, SUBNETWORK, 
VM_INSTANCE 


Sample - Get the list of all GCP resources by type 


API request 


curl -X GET -u <username>:<password> \
"https://<QualysBaseURL>/cloudview-api/rest/v1/resource/BUCKET/AWS?pageNo=0&pageSize=50" 


JSON Response 

{
  "content": [
    {
      "controlsFailed": 2,
      "resourceId": "2049122088315831723",
      "imageData": null,
      "description": null,
      "type": null,
      "uuid": "41a43830-4061-356-9f97-68aa786f9552",
      "Zone": "us-central1-a",
      "cloudType": "GCP",
      "customerId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "customers": [
        "b28e6859-9a15-fb81-833b-d20e458F7F7F"
      ],
      "machineType": "e2-micro",
      "connectorUuids": [
        "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
      ],
      "kind": "compute#instance",
      "created": "2022-01-05T11:30:07+0000",
      "connectorUuid": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "privateIpAddress": "10.128.15.200",
      "tags": null,
      "labels": [
        {
          "name": "department",
          "value": "engineering"
        }
      ]
    }
  ],
  "pageable": {
    "sort": {
      "sorted": false,
      "unsorted": true,
      "empty": true
    },
    "pageNumber": 0,
    "pageSize": 100,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "last": false,
  "totalElements": 195,
  "totalPages": 2,
  "sort": {
    "sorted": false,
    "unsorted": true,
    "empty": true
  },
  "numberOfElements": 100,
  "first": true,
  "size": 100,
  "number": 0,
  "empty": false
}
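The inventory responses above are paged: "content" holds one page and "last" / "totalPages" say whether more follow. The sketch below is an added example, not Qualys code; it walks every page with pageNo and pageSize, percent-encodes the filter, and reads credentials from the environment with certificate verification left on. The names QUALYS_USER, QUALYS_PASS and all function names are assumptions.

```python
import base64
import json
import os
import re
import urllib.parse
import urllib.request

PROVIDERS = {"AWS", "Azure", "GCP"}                 # path segments used on this page
RESOURCE_TYPE_RE = re.compile(r"[A-Z][A-Z0-9_]*")   # e.g. VM_INSTANCE, BUCKET


def build_inventory_url(base_url, resource_type, provider,
                        page_no=0, page_size=50, filter_query=None):
    """Build .../resource/{resourceType}/{provider} with an encoded query."""
    if provider not in PROVIDERS:
        raise ValueError(f"unknown provider: {provider!r}")
    # Reject anything that could change the request path ("/", "..", "?").
    if not RESOURCE_TYPE_RE.fullmatch(resource_type):
        raise ValueError(f"invalid resourceType: {resource_type!r}")
    params = {}
    if filter_query:
        params["filter"] = filter_query
    params["pageNo"] = int(page_no)
    params["pageSize"] = int(page_size)
    query = urllib.parse.urlencode(params, quote_via=urllib.parse.quote)
    return (f"{base_url.rstrip('/')}/cloudview-api/rest/v1/resource/"
            f"{resource_type}/{provider}?{query}")


def http_get_json(url):
    """Default transport: HTTPS only, certificate verified, Basic auth."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    # Assumed variable names; keeps the password out of the process list.
    creds = f"{os.environ['QUALYS_USER']}:{os.environ['QUALYS_PASS']}"
    token = base64.b64encode(creds.encode("utf-8")).decode("ascii")
    request = urllib.request.Request(url, headers={
        "Authorization": f"Basic {token}",
        "Accept": "application/json",
    })
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def iter_resources(base_url, resource_type, provider, page_size=50,
                   filter_query=None, fetch=http_get_json, max_pages=1000):
    """Yield every record of one type, one page request at a time."""
    for page_no in range(max_pages):
        url = build_inventory_url(base_url, resource_type, provider,
                                  page_no, page_size, filter_query)
        page = fetch(url)
        records = page.get("content") or []
        yield from records
        # Stop on the envelope's own signals; an empty page also ends the
        # walk so a response without "last" cannot loop forever.
        if page.get("last") or not records:
            return
        if page_no + 1 >= page.get("totalPages", max_pages):
            return
    raise RuntimeError(f"no final page within {max_pages} requests")
```

Pass a different `fetch` callable to reuse a session or to replay saved pages offline.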
Resource Details for AWS by Resource UUID 
/rest/v1/resource/{resourceType}/uuid/{resourceUuid}/AWS 
[GET] 


Fetch resource details for AWS resources using the resource UUID. To find the 
UUID of a resource, use the Get Resource Inventory for AWS API. 


Input Parameters 


Parameter Description 


filter Filter the resources by providing a query using Qualys syntax. 
The following search token is supported. 


List of tokens supported for AWS resources 


pageNo (mandatory) The page to be returned. 


pageSize (mandatory) (integer) The number of records per page to be 
included in the response. 


sort (keyword) Sort the results using a Qualys token. Sorting is 
currently enabled with only one sort token: lastSyncedOn. The 
allowed values are asc or desc. 


updated Use a date range or specific date to define when the resource was 
last updated. 


Examples: 


Show resources updated within certain dates, updated: [2021-01-01 
… 2021-03-01] 


Show resources updated starting 2018-10-01, ending 1 month ago, 
updated: [2021-01-01 … now-1m] 


Show resources updated starting 2 weeks ago, ending 1 second 
ago, updated: [now-2w … now-1s] 


Show resources updated on specific date, updated: 2021-01-08 


resourceType (mandatory) Select the type of resource you want to fetch 
inventory on. 


AWS Resource Types: AUTO_SCALING_GROUP, BUCKET, EBS, 
EC2_INSTANCE, EKS_CLUSTER, EKS_FARGATE_PROFILE, 
EKS_NODEGROUP, IAM_USER, INTERNET_GATEWAY, LAMBDA, 
LOAD_BALANCER, NETWORK_ACL, RDS, ROUTE_TABLE, 
SUBNET, VPC, VPC_SECURITY_GROUP 


resource UUID (mandatory only when you fetch resource details). Specify the 
unique resource ID. 


You can fetch the resource UUID by using the Get Resource 
Inventory API 
(/cloudview-api/rest/v1/resource/{resourceType}/<cloudprovider>) 


Sample - Get resource details for resource of type S3 bucket by resource UUID 


API request 


curl -X GET -u <username>:<password> \
"https://<QualysBaseURL>/cloudview-api/rest/v1/resource/BUCKET/uuid/96ca11d8-1c26-365d-b644-355ae2b8b588/AWS" 


JSON Response 

{
  "uuid": "96ca11d8-1c26-365d-b644-355ae2b8b588",
  "connectorUuid": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "connectorUuids": [
    "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  ],
  "region": "eu-south-1",
  "name": "aws-cloudtrail-logs-raghav-trail-events",
  "cloudType": "AWS",
  "createdOn": "2022-01-05T11:20:28+0000",
  "created": "2022-01-05T11:20:28.200+00:00",
  "remediationEnabled": null,
  "lastUpdated": "2022-01-05T11:20:28+0000",
  "cloudAccountId": "XXXXXXXXXXXX",
  "accountAlias": "sample alias",
  GEES
  "resourceId": "aws-cloudtrail-events",
  "controlsFailed": 6,
  "bucketName": "aws-cloudtrail-events",
  "ownerName": "user john",
  "bucketOwnerId": "dcf00289423844232d18c426dc98979a5d581505165de60971d8e1a891a44ef7",
  "bucketCreationDateStr": "2021-02-23T00:34:11+0000",
  "bucketPolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Action\":\"s3:GetBucketAcl\",\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-events\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Action\":\"s3:PutObject\",\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-events/AWSLogs/XXXXXXXXXXXX/*\",\"arn:aws:s3:::aws-cloudtrail-logs-events/AWSLogs/XXXXXXXXXXXX/*\"],\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}]}",
  "s3GrantList": [
    {
      "displayName": null,
      "id": "dcf00289423844232d18c426dc98979a5d581505165de60971d8e1a891a44ef7",
      "emailAddress": null,
      "groupUri": null,
      "permission": "FullControl"
    }
  ],
  "resourceType": "BUCKET"
}
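In the BUCKET detail response above, "bucketPolicy" is a JSON document carried inside a JSON string, so it has to be decoded a second time before it can be inspected. The sketch below is an added example, not Qualys code: it decodes the policy, reports Allow statements open to any principal with no Condition, and reports ACL grants whose "id" differs from "bucketOwnerId". The function names and the sample record are constructed for illustration.

```python
import json

# Constructed record that reuses the field names of the sample response.
OWNER_ID = "0" * 64   # placeholder canonical ID, not a real account
SAMPLE_BUCKET = {
    "bucketName": "example-logs",
    "bucketOwnerId": OWNER_ID,
    # json.dumps reproduces the string-inside-JSON encoding the API uses.
    "bucketPolicy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "TrailWrite", "Effect": "Allow",
             "Principal": {"Service": "cloudtrail.amazonaws.com"},
             "Action": "s3:PutObject",
             "Resource": "arn:aws:s3:::example-logs/AWSLogs/*"},
            {"Sid": "OpenRead", "Effect": "Allow", "Principal": "*",
             "Action": ["s3:GetObject"],
             "Resource": "arn:aws:s3:::example-logs/*"},
            {"Sid": "ScopedRead", "Effect": "Allow",
             "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::example-logs/*",
             "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-example"}}},
        ],
    }),
    "s3GrantList": [
        {"id": OWNER_ID, "permission": "FullControl"},
        {"id": "1" * 64, "permission": "Write"},
    ],
}


def _as_list(value):
    """IAM policies allow a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]


def _is_wildcard(principal):
    """True for "Principal": "*" and for {"AWS": "*"} style principals."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def review_bucket(detail):
    """Return (kind, message) findings for one BUCKET detail record."""
    findings = []
    statements = []
    raw_policy = detail.get("bucketPolicy")
    if raw_policy:
        try:
            statements = _as_list(json.loads(raw_policy).get("Statement", []))
        except (json.JSONDecodeError, AttributeError):
            findings.append(("policy", "bucketPolicy could not be parsed"))
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if _is_wildcard(stmt.get("Principal")) and not stmt.get("Condition"):
            actions = ", ".join(_as_list(stmt.get("Action", "?")))
            sid = stmt.get("Sid", "<no Sid>")
            findings.append(
                ("policy", f"{sid}: Allow {actions} for any principal, no Condition"))
    owner = detail.get("bucketOwnerId")
    for grant in detail.get("s3GrantList") or []:
        if grant.get("id") != owner:
            findings.append(
                ("acl", f"{grant.get('permission')} granted to a grantee "
                        "other than the bucket owner"))
    return findings
```

Wildcard statements that do carry a Condition are not reported here and still deserve a manual read of the condition keys.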
Resource Details for Azure by Resource UUID 
/rest/v1/resource/{resourceType}/uuid/{resourceUuid}/Azure 
[GET] 


Fetch resource details for Azure resources using the resource UUID. To find the 
UUID of a resource, use the Get Resource Inventory for Azure API. 


Input Parameters 


Parameter Description 


filter Filter the resources by providing a query using Qualys syntax. 
The following search token is supported. 


List of tokens supported for Microsoft Azure Resources 


pageNo (mandatory) The page to be returned. 


pageSize (mandatory) (integer) The number of records per page to be 
included in the response. 


sort (keyword) Sort the results using a Qualys token. Sorting is 
currently enabled with only one sort token: lastSyncedOn. The 


allowed values are asc or desc. 


updated Use a date range or specific date to define when the resource was 
last updated. 


Examples: 


Show resources updated within certain dates, updated: [2021-01-01 
… 2021-03-01] 


Show resources updated starting 2018-10-01, ending 1 month ago, 
updated: [2021-01-01 … now-1m] 
Show resources updated starting 2 weeks ago, ending 1 second 
ago, updated: [now-2w … now-1s] 


Show resources updated on specific date, updated: 2021-01-08 


resourceType (mandatory) Select the type of resource you want to fetch 
inventory on. 


Azure Resource Types: FUNCTION_APP, 
NETWORK_SECURITY_GROUP, RESOURCE_GROUP, 
SQL_SERVER, SQL_SERVER_DATABASE, VIRTUAL_MACHINE, 
VIRTUAL_NETWORK, WEB_APP 


resource UUID (mandatory only when you fetch resource details). Specify the 
unique resource ID. 


You can fetch the resource UUID by using the Get Resource 
Inventory API 
(/cloudview-api/rest/v1/resource/{resourceType}/<cloudprovider>) 


Sample - Get resource details for resource of type Virtual Machine by 
resource UUID 


API request 


curl -X GET -u <username>:<password> \
"https://<QualysBaseURL>/cloudview-api/rest/v1/resource/VIRTUAL_MACHINE/uuid/8513b79d-8a53-3642-a2ba-aca31886eeaf/Azure" 


JSON Response 

{
  "uuid": "8513b79d-8a53-3642-a2ba-aca31886eeaf",
  "connectorUuid": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "connectorUuids": [
    "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  ],
  "cloudType": "AZURE",
  "customerId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "customers": [
    "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  ],
  "subscriptionId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "subscriptionName": "sample azure",
  "resourceId": "7de97440-93c5-4ced-9ef9-a3258d2c27da",
  "resourceGroupName": "CloudView QA",
  "scanUuid": "58d07687-4213-43ff-a4c1-f39c8f214943",
  "name": "Sample-vm-6",
  "type": "Microsoft.Compute/virtualMachines",
  "region": "eastus",
  "tags": [],
  "remediationEnabled": null,
  "controlsFailed": 2,
  "primaryPublicIPAddress": "20.124.231.2",
  "primaryPublicIPAddressId": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/CloudView QA/providers/Microsoft.Network/publicIPAddresses/sample-vm-6-ip",
  "availabilitySetId": "",
  "provisioningState": null,
  "licenseType": null,
  "computerName": "sample-vm-6",
  "size": "Standard Bis",
  "osType": "Linux",
  "statuses": [
    {
      "code": "ProvisioningState/succeeded",
      "displayStatus": "Provisioning succeeded",
      "level": "INFO",
      "message": null,
      "time": "2022-01-04T05:26:42+0000"
    },
    {
      "code": "PowerState/running",
      "displayStatus": "VM running",
      "level": "INFO",
      "message": null,
      "time": null
    }
  ],
  "created": "2022-01-04T06:20:11+0000",
  "updated": "2022-01-05T11:28:17+0000",
  "networkSecurityGroupId": "sample-vm-6-nsg",
  "imageData": [
    {
      Kb e Me TO E
      "offer": "0001-com-ubuntu-server-focal",
      "publisher": "canonical",
      "sku": "20_04-lts-gen2",
      "version": "latest"
    }
  ]
}

Resource Details for GCP by Resource UUID 
/rest/v1/resource/{resourceType}/uuid/{resourceUuid}/GCP 
[GET] 


Fetch resource details for GCP using the resource UUID. To find the UUID of a 
resource, use the Get Resource Inventory for GCP API. 


Input Parameters 


Parameter Description 


filter Filter the resources by providing a query using Qualys syntax. 
The following search token is supported. 


List of tokens supported for GCP Resources 


pageNo (mandatory) The page to be returned. 


pageSize (mandatory) (integer) The number of records per page to be 
included in the response. 


sort (keyword) Sort the results using a Qualys token. Sorting is 
currently enabled with only one sort token: lastSyncedOn. The 


allowed values are asc or desc. 


updated Use a date range or specific date to define when the resource was 
last updated. 


Examples: 


Show resources updated within certain dates, updated: [2021-01-01 
… 2021-03-01] 


Show resources updated starting 2018-10-01, ending 1 month ago, 
updated: [2021-01-01 … now-1m] 


Show resources updated starting 2 weeks ago, ending 1 second 
ago, updated: [now-2w … now-1s] 


Show resources updated on specific date, updated: 2021-01-08 


resourceType (mandatory) Select the type of resource you want to fetch 
inventory on. 


GCP Resource Types: CLOUD_FUNCTION, FIREWALL_RULES, 
NETWORK, SUBNETWORK, VM_INSTANCE 


resource UUID (mandatory only when you fetch resource details). Specify the 
unique resource ID. 


You can fetch the resource UUID by using the Get Resource 
Inventory API 
(/cloudview-api/rest/v1/resource/{resourceType}/<cloudprovider>) 


Sample - Get resource details for resource of type VM instance by resource UUID 


API request 


curl -X GET -u <username>:<password> \
"https://<QualysBaseURL>/cloudview-api/rest/v1/resource/VM_INSTANCE/uuid/715c038e-dc4c-3949-8eee-661fcf559116/GCP" 


JSON Response 

{
  "uuid": "715c038e-dc4c-3949-8eee-661fcf559116",
  "connectorUuid": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "connectorUuids": [
    "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  ],
  "cloudType": "GCP",
  "customerId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "customers": [
    "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  ],
  "projectid": "my-sample-project-XXXXXXXXXXXX",
  "resourceId": "2049122088315831723",
  "scanUuid": "12b1b7bc-dcb8-4cf4-9424-afb1a16d191b",
  "name": "gke-test-1-9-fail-pool-2-e90f48c4-ukkn",
  "type": null,
  "region": "us-central1",
  "tags": null,
  "controlsFailed": 2,
  "Zone": "us-central1-a",
  "kind": "compute#instance",
  "machineType": "e2-micro",
  "description": null,
  "externalIpAddress": "34.132.50.15",
  "privateIpAddress": "10.128.15.200",
  "labels": [
    {
      "name": "department",
      "value": "engineering"
    },
    {
      "name": "manager",
      "value": "sample jim"
    },
    {
      "name": "owner",
      "value": "user john"
    },
    {
      "name": "team",
      "value": "sample controls"
    },
    {
      "name": "test",
      "value": "test20"
    }
  ],
  "networkInterfaces": [
    {
      "accessConfigs": {
        "kind": null,
        "name": null,
        "type": null,
        "networkTier": null
      },
      "kind": "compute#networkInterface",
      "name": "nice",
      "network": "vj",
      "networkIP": "10.128.15.200",
      "subnetwork": "vj",
      "fingerprint": "x-W6Atnib-M="
    }
  ],
  "status": "RUNNING",
  "created": "2022-01-05T11:30:07+0000",
  "updated": "2022-01-05T11:30:07+0000",
  "imageData": null
}
Alerting Response APIs (Beta) 

You can configure monitoring of critical controls and trigger alert 
messages when critical conditions are detected. The alert messages you receive 
include control assessment details. 

To receive the alerts, follow these quick steps: 


- Create one or more actions. 


- Create rules that include criteria or specific conditions that would trigger the 
alert and associate actions for each criterion. 


- Run the Connectors in CloudView. The alerts get triggered whenever the 
conditions defined in a rule are satisfied. 


Based on the action type you select, you will be notified through Email, Slack, or 
PagerDuty. 


Response Actions 


Response Notifications 


Response Rules 


Response Actions 

We support the following response actions: 
Get Actions 


Get Action by Id 


Delete Actions 
Create email Action 


Update email Action 


Create PagerDuty Action 
Update PagerDuty Action 


Test PagerDuty Action 


Create Slack Action 


Update Slack Action 


Test Slack Action 


Get all Action Types 
Get Actions 
/rest/v1/actions/ 


[GET] 


You can get the list of actions using this API. You can search for actions using 
filters based on criteria you want. 


Input Parameters 


Parameter Description 


filter Form the search query using the filters we provide to 
refine the search for actions. 


Filters supported: 


action.name 
action.description 
action.type 
action.createdBy 
action.createdById 
action.updatedBy 
action.updatedById 
action.active 
action.disabled 
action.createdDate 
action.updatedDate 
action.emailRecipient 
action.subject 
action.slackChannel 
action.slackWebhookUri 
action.pagerdutyServiceKey 


For detailed information on filters, see the Reference: 
Action Filters. 


pageNo (integer) The page to be returned. 


pageSize (integer) The number of records per page to be 
included in the response. 


sortField Specify the field that decides the sort order for the 
actions. 


sortOrder {asc|desc} Specify if the sorting needs to be in ascending or 
descending order. 


Sample - Get the list of actions 


Let us get the actions that are created by a specific user. 


API request 


curl -X GET --header 'Accept: application/json' --header \
'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQK==' \
'https://<QualysURL>/cloudview-api/rest/v1/actions?filter=action.createdBy%3Duser_john&pageNo=1&pageSize=50&sortOrder=asc' 


Response 

[
  {
    "id": "24278970-725c-11ea-9959-f36a27b72f5a",
    "name": "string12345",
    "description": "Sample Pager",
    "actionType": "pagerduty",
    "createdBy": "John Doe",
    "createdById": "user john",
    "updatedBy": "John Doe",
    "updatedById": "user john",
    "created": "2020-03-30T07:57:45.735+0000",
    "updated": "2020-03-30T08:07:35.896+0000",
    "alert": "Qualys CloudView: Cloud Security Assessment Alerts\n\n${control.criticality} Severity Control Failure Detected for CID ${cid}\n\n*Affected Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provider.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\tgroupName:${accountGroup}\n\n*Evaluation Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyName:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\t\tfirstEvaluated:${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nYours Sincerely,\nQualys Support Team\n\n\nFor any assistance, please contact our customer support team.",
    "subject": "Sample Pager Action",
    "pagerdutyServiceKey": "c391356a9d7d4c6b8a0257ff91cc3842",
    "pagerdutyEventType": "trigger",
    "activeRules": 0,
    "disabledRules": 0
  },
  {
    "id": "36bc5690-6dcc-11ea-97c4-57de4ff3eb79",
    "name": "Azure Action",
    "description": "Azure Action",
    "actionType": "qemail",
    "createdBy": "John Doe",
    "createdById": "user john",
    "updatedBy": "John Doe",
    "updatedById": "user john",
    "created": "2020-03-24T12:37:24.729+0000",
    "updated": "2020-03-24T12:37:24.729+0000",
    "alert": "Qualys CloudView: Cloud Security Assessment Alerts\n\n${control.criticality} Severity Control Failure Detected for CID ${cid}\n\n*Affected Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provider.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\tgroupName:${accountGroup}\n\n*Evaluation Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyName:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\t\tfirstEvaluated:${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nYours Sincerely,\nQualys Support Team\n\n\nFor any assistance, please contact our customer support team.",
    "subject": "Azure CV Test",
    "smtpHost": "mta@1.eng.abc01.example.com",
    "smtpPort": 25,
    "emailRecipients": [
      "abc@example.com"
    ],
    "emailFromAddress": "noreply@example.com",
    "emailReplyTo": "noreply@example.com",
    "activeRules": 0,
    "disabledRules": 0
  },
  {
    "id": "1f695df0-6da2-11ea-8910-77b847F40d61",
    "name": "Sample Slack",
    "description": "Sample Slack decription",
    "actionType": "slack",
    "createdBy": "John Doe",
    "createdById": "user john",
    "updatedBy": "John Doe",
    "updatedById": "user john",
    "created": "2020-03-24T07:36:06.735+0000",
    "updated": "2020-03-30T07:54:43.371+0000",
    "alert": "Qualys CloudView: Cloud Security Assessment Alerts\n\n*${control.criticality} Severity Control Failure Detected for CID ${cid}*\n\n*Affected Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provider.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\n*Evaluation Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyName:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\t\tfirstEvaluated: ${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\tresult: ${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue: ${evidences.value}\n\nYours Sincerely,\nQualys Support Team\n\n\nFor any assistance, please contact our <mailto:support@qualys.com | customer support team.>",
    "slackWebhookUri": "https://hooks.slack.com/services/T95RLRTSL/BRD8PBJ@6/oxQZYxmrBEIex6MhOR6mMmpl",
    "slackChannel": "Sample-slack",
    "activeRules": 1,
    "disabledRules": 0
  }
]
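The Get Actions response above returns "pagerdutyServiceKey" and "slackWebhookUri" in clear text, so anything that stores or logs the response also stores those credentials. The sketch below is an added example, not Qualys code: it redacts the two fields before logging and reviews an action list for email recipients outside an allowed domain set, Slack webhooks that do not point at https://hooks.slack.com, and credential-bearing actions that no rule uses. Reading "activeRules" and "disabledRules" as the number of rules attached to an action is an assumption, as are the function names and the constructed sample records.

```python
import urllib.parse

# Fields in the Get Actions response that carry credentials.
SECRET_FIELDS = ("slackWebhookUri", "pagerdutyServiceKey")

# Constructed records using the field names from the response above.
SAMPLE_ACTIONS = [
    {"id": "a-1", "actionType": "pagerduty",
     "pagerdutyServiceKey": "0123456789abcdef0123456789abcdef",
     "activeRules": 0, "disabledRules": 0},
    {"id": "a-2", "actionType": "qemail",
     "emailRecipients": ["soc@example.com", "someone@example.net"],
     "activeRules": 2, "disabledRules": 0},
    {"id": "a-3", "actionType": "slack",
     "slackWebhookUri": "https://hooks.slack.com/services/TXXXX/BXXXX/constructed",
     "slackChannel": "alerts", "activeRules": 1, "disabledRules": 0},
    {"id": "a-4", "actionType": "slack",
     "slackWebhookUri": "http://hooks.example.org/relay",
     "slackChannel": "alerts", "activeRules": 1, "disabledRules": 0},
]


def redact_action(action):
    """Return a copy of one action record that is safe to write to a log."""
    safe = dict(action)
    for field in SECRET_FIELDS:
        if safe.get(field):
            safe[field] = "<redacted>"
    return safe


def audit_actions(actions, allowed_email_domains, slack_host="hooks.slack.com"):
    """Return (action id, message) findings for a list of action records."""
    allowed = {domain.lower() for domain in allowed_email_domains}
    findings = []
    for action in actions:
        ident = action.get("id", "<no id>")
        kind = action.get("actionType")
        if kind == "qemail":
            for rcpt in action.get("emailRecipients") or []:
                domain = rcpt.rpartition("@")[2].strip().lower()
                if domain not in allowed:
                    findings.append(
                        (ident, f"recipient outside allowed domains: {rcpt}"))
        elif kind == "slack":
            parts = urllib.parse.urlsplit(action.get("slackWebhookUri") or "")
            if parts.scheme != "https" or parts.hostname != slack_host:
                findings.append(
                    (ident, f"webhook is not an https://{slack_host} URL"))
        # Assumption: both counters at zero means no rule uses the action.
        holds_secret = any(action.get(field) for field in SECRET_FIELDS)
        unused = not action.get("activeRules") and not action.get("disabledRules")
        if holds_secret and unused:
            findings.append(
                (ident, "stores a credential but no rule references it"))
    return findings
```

Log `redact_action(record)` rather than the raw record, and treat unused credential-bearing actions as candidates for the Delete Action call.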
Get Action by Id 
/rest/v1/actions/{actionId} 


[GET] 


View details for a specific action which is in the user’s scope. 


Input Parameters 


Parameter Description 


actionId (mandatory) (integer) Specify the action ID of an 
action in the user’s scope. 


Sample - Get action details using the action Id 


Let us fetch details of a Slack action using the action Id. 


API request 


curl -k -X GET -u <username>:<password> \
"https://<QualysURL>/cloudview-api/rest/v1/actions/bd786210-9965-11e8-ab43-6187ace8f6e8" 


Response 

{
  "id": "1f695df0-6da2-11ea-8910-77b847f40d61",
  "name": "Sample action",
  "description": "Action details",
  "actionType": "slack",
  "createdBy": "John Doe",
  "createdById": "user john",
  "updatedBy": "John Doe",
  "updatedById": "user john",
  "created": "2020-03-24T07:36:06.735+0000",
  "updated": "2020-03-30T07:54:43.371+0000",
  "alert": "Qualys CloudView: Cloud Security Assessment Alerts\n\n*${control.criticality} Severity Control Failure Detected for CID ${cid}*\n\n*Affected Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provider.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\n*Evaluation Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyName:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\t\tfirstEvaluated: ${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\tresult: ${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue: ${evidences.value}\n\nYours Sincerely,\nQualys Support Team\n\n\nFor any assistance, please contact our <mailto:support@qualys.com | customer support team.>",
  "slackWebhookUri": "https://hooks.slack.com/services/T95RLRTSL/BRD8PBI@6/oxQZYabcBETex6Mh@R6mMxyz",
  "slackChannel": "sample-slack",
  "activeRules": 1,
  "disabledRules": 0
}
Delete Action 
/rest/v1/actions/delete 


[POST] 


Specify the ID of an existing action you want to delete and the action gets 
deleted. Ensure that the action you want to delete is not associated with a rule in 
use. 


Input Parameters 


Parameter Description 


actionId (Array [string]) Specify the ID of an action to be 
deleted and the action gets deleted. You can 
provide multiple Ids separated by comma. 


Example: 


Adsm 
"actionId1, 
actionId2" 


Sample - Delete a specific action 


API request 


curl -k -X POST -u <username>:<password> \
"https://<QualysURL>/cloudview-api/rest/v1/actions/delete" 


Request POST Data 


{ 
go | 
"bd786210-9965-11e8-ab43-6187ace8f6e8", 
"efbf4080-52dd-11ea-a008-cbe911ab6a51" 
] 
} 
Response 


No Content 
Response Code: 200 

Create email Action 
/rest/v1/actions/email 


[POST] 


You can create an alert to be sent through email (action type: qemail). Specify 
the necessary details in the request body that are required to create an email 
action such as action name, action description, the recipient details, whom the 
email should be sent to and so on. 


Input Parameters 


Parameter Description 


emailActionRequest (body) Specify the actionName, actionDescription, 
and recipients and so on. Refer to the following 
example for exact syntax. 

{
  "actionDescription": "string",
  "actionName": "string",
  "recipients": [
    "example@abc.com"
  ],
  "subject": "string"
}

Where, 

actionDescription: description that tells the purpose 
of the action 

actionName: name of the action 

recipients: valid email ID of the recipients to whom 
the alert should be sent. You can provide multiple 
email IDs separated by comma. 

subject: subject of the email action 

Sample - Create email action 
API request 


curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/actions/email' 


Request POST Data 

{
  "actionDescription": "Sample Action Test",
  "actionName": "Sample action",
  "recipients": [
    "user_john@example.com"
  ],
  "subject": "Sample Alert"
}

Response 

{
  "success": "bd786210-9965-11e8-ab43-6187ace8f6e8"
}
Update email Action 
/rest/v1/actions/email/{emailActionId} 


[POST] 


You can update email action. Specify the necessary details in the request 
body that are required to update an email action such as action ID, action 
name, action description, the recipient details, whom the email should be sent 
to and so on. 


Input Parameters 


Parameter Description 


emailActionId (mandatory) Specify the ID of the email action that 
you want to update. 


emailActionRequest (body) Specify the actionName, actionDescription, 
and recipients and so on. Refer to the following 
example for exact syntax. 

{
  "actionDescription": "string",
  "actionName": "string",
  "recipients": [
    "example@abc.com"
  ],
  "subject": "string"
}

Where, 

actionDescription: description that tells the purpose 
of the action 

actionName: name of the action 

recipients: valid email ID of the recipients to whom 
the alert should be sent. You can provide multiple 
email IDs separated by comma. 

subject: subject of the email action 
Let us update the description of an existing action. 


API request 


curl -k -X PUT -u <username>:<password> \
"https://<QualysURL>/cloudview-api/rest/v1/actions/email/bd786210-9965-11e8-ab43-6187ace8f6e8" 


Request POST Data 

{
  "actionDescription": "Update Sample Action Test",
  "actionName": "Sample action",
  "recipients": [
    "user_john@example.com"
  ],
  "subject": "Sample Alert"
}

Response 

{
  "success": "bd786210-9965-11e8-ab43-6187ace8f6e8"
}
Create PagerDuty Action 
/rest/v1/actions/pagerduty 


[POST] 


You can create an alert to be notified through the PagerDuty application. Specify 
the necessary details in the request body that are required for PagerDuty 
such as action name, action description, client, and servicekey, and so on. 


Input Parameters 


Parameter Description 


pagerdutyRequest (body) Specify the action actionName, 
actionDescription, and recipients and so on. Refer to 
the following example for exact syntax. 

{
  "actionDescription": "string",
  "actionName": "string",
  "client": "string",
  "serviceKey": "string",
  "subjectLine": "string"
}

Where, 

actionDescription: description that tells the purpose 
of the action 

actionName: name of the action 

client: 

serviceKey: the service key required to connect to 
your PagerDuty account. 

subjectLine: subject of the action 


Sample - Create PagerDuty Action 
API request 


curl -k -X POST -u <username>:<password> \
"https://<QualysURL>/cloudview-api/rest/v1/actions/pagerduty" 


Request POST Data 

{
  "actionDescription": "Sample PagerDuty action",
  "actionName": "Pagerduty action",
  "client": "sample",
  "serviceKey": "c391356a9d7d4c6b8a0257ff91cc3842",
  "subjectLine": "Test Pager action"
}

Response 

{
  "success": "bd786210-9965-11e8-ab43-6187ace8f6e8"
}
Update PagerDuty Action 
/rest/v1/actions/pagerduty/{pagerActionId} 
[PUT] 


You can update the action to be notified through PagerDuty. Specify the 
necessary details in the request body that are required for PagerDuty such as 
action name, action description, the recipient details, whom the alert should 
be sent to and so on. 


Input Parameters 


Parameter Description 


pagerActionId (mandatory) (integer) Specify the pagerAction ID of 
a specific action in the user’s scope. 


pagerdutyRequest (body) Specify the action actionName, 
actionDescription, and recipients and so on. Refer to 
the following example for exact syntax. 

{
  "actionDescription": "string",
  "actionName": "string",
  "client": "string",
  "serviceKey": "string",
  "subjectLine": "string"
}

Where, 

actionDescription: description that tells the purpose 
of the action 

actionName: name of the action 

client: 

serviceKey: the service key required to connect to 
your PagerDuty account. 

subjectLine: subject of the action 
Sample - Update PagerDuty Action 


API request 


curl -k -X PUT -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/actions/pagerduty/test' 


Request PUT Data 

{
  "actionDescription": "Sample PagerDuty action",
  "actionName": "Pagerduty action",
  "client": "string",
  "serviceKey": "c391356a9d7d4c6b8a0257ff91cc3842",
  "subjectLine": "Test Pager action"
}

Response 

{
  "success": "03e5b680-52f6-11ea-a008-cbe911ab6a51"
}
Test PagerDuty Action 
/rest/v1/actions/pagerduty/test 
[POST] 


You can execute a test action to check if PagerDuty is reachable or not. 


Input Parameters 


Parameter Description 


pagerdutyConnectionParam (body) Specify the servicekey used to be 
able to connect to PagerDuty. 


Example: 

{
  "servicekey": "c391356a9d7d4c6b8a0257ff91cc3123"
}


Sample - Update PagerDuty Action 


API request 


curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/actions/pagerduty/test' 


Request POST Data 

{
  "serviceKey": "c391356a9d7d4c6b8a0257ff91cc3842"
}

Response 

{
  "success": "true"
}
Create Slack Action 
/rest/v1/actions/slack 

[POST] 

You can create an alert to be notified through Slack. Specify the necessary 
details in the request body that are required for Slack such as action name, 
action description, the recipient details, whom the alert should be sent to and 
so on. 


Input Parameters 


Parameter Description 


slackRequest (body) Specify the action actionName, 
actionDescription, and recipients and so on. Refer to 
the following example for exact syntax. 

{
  "actionDescription": "string",
  "actionName": "string",
  "channel": "string",
  "webhookUri": "string"
}

Where, 

actionDescription: description that tells the purpose of 
the action 

actionName: name of the action 

channel: the channel name of your Slack account 

webhookUri: the Webhook URI required to connect to 
your Slack account to post alert messages. 


Sample - Create Slack Action 


API request 


curl -k -X POST -u <username>:<password> \
"https://<QualysURL>/cloudview-api/rest/v1/actions/slack" 
Request POST Data 

{
  "actionDescription": "Sample slack action description",
  "actionName": "Sample slack action",
  "channel": "Sample-slack",
  "webhookUri": "https://hooks.slack.com/services/T95RLRTSL/BRD6PBI@7/oxQZYxmrBETex3Mh@RSmMmp1"
}

Response 

{
  "success": "bd786210-9965-11e8-ab43-6187ace8f6e8"
}
Update Slack Action

/rest/v1/actions/slack/{slackActionId}

[PUT]

You can update the action to be notified through Slack. Specify the necessary
details in the request body that are required for Slack such as action name,
action description, the recipient details, whom the alert should be sent to and
so on.

Input Parameters

Parameter Description

slackActionId (mandatory) (integer) Specify the slackAction ID of a
specific action in the user’s scope.

slackRequest (body) Specify the action actionName,
actionDescription, and recipients and so on. Refer to
the following example for exact syntax.

{
  "actionDescription": "string",
  "actionName": "string",
  "channel": "string",
  "webhookUri": "string"
}

Where,

actionDescription: description that tells the purpose of
the action

actionName: name of the action

channel: the channel name of your slack account

webhookUri: the Webhook URI required to connect to
your slack account to post alert messages.

Sample - Update Slack Action

API request

curl -k -X PUT -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/actions/slack/bd786210-9965-11e8-ab43-6187ace8f6e8'

Request PUT Data

{
  "actionDescription": "Sample slack action description",
  "actionName": "Sample slack action",
  "channel": "Sample-slack",
  "webhookUri": "https://hooks.slack.com/services/T95RLRTSL/BRD6PBIJ@7/oxQZYxmrBEIex3Mh@RSmMmp1"
}

Response

{
  "success": "bd786210-9965-11e8-ab43-6187ace8f6e8"
}
Test Slack Action
/rest/v1/actions/slack/test
[POST]

You can execute a test action to check if Slack is reachable or not.

Input Parameters

Parameter Description

slackConnectionParam Specify the channel and webhookUri of your
Slack account used to create the action.

Example:

{
  "channel": "Sample Channel",
  "webhookUri": "https://hooks.slack.com/services/TOSRLRTSL/BRD8PBJ06/0oxQZYxmrBEIex6Mh@R6mMmp1l"
}

Sample - Test Slack Action

API request

curl -k -X POST -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/actions/slack/test'

Request POST Data

{
  "channel": "Sample Slack",
  "webhookUri": "https://hooks.slack.com/services/T95RLRTSL/BRD8PBJ@6/o0xQZSxmrBEIex5MhOR7mMmp1l"
}

Response

{
  "success": "true"
}
Get all Action Types
/rest/v1/actions/types
[GET]

Fetch the list of action types we support: qemail, Slack, and PagerDuty.

Sample - Get the list of action types

API request

curl -X GET --header 'Accept: application/json' --header \
'Authorization: Basic dXNlcmShbWU6cGFzc3dvcmQK==' \
'https://<QualysURL>/cloudview-api/rest/v1/actions/types'

Response

[
  "qemail",
  "slack",
  "pagerduty"
]
Reference: Action Filters

You can form the search query using the filters we provide to refine the
search for actions.

action.name

Use quotes or backticks within values to find actions with certain name.

Examples

Find actions with name

action.name: Post to Slack Channel

Find actions that contain parts of the name

action.name: "Post to Slack Channel"

Find actions that match exact value

action.name: `Post to Slack Channel`

action.description

Use quotes or backticks within values to find actions with certain description.

Examples

Find actions with description

action.description: creates alert by posting to slack channel

Find actions that contain parts of the description

action.description: "creates alert by posting to slack channel"

Find actions that match exact value

action.description: `creates alert by posting to slack channel`

action.type

Use a text value ##### to find actions with certain type (Email, slack or
pagerduty).

Example

Find actions of type

action.type: SLACK


action.createdBy

Use quotes or backticks within values to find actions created by a certain
user.

Examples

Find actions created by user

action.createdBy: Joe Smith

Find actions that contain parts of the user name

action.createdBy: "Joe Smith"

Find actions that match exact value

action.createdBy: `Joe Smith`

action.createdById

Use quotes or backticks within values to find actions created by a certain
user ID.

Examples

Find actions created by user ID

action.createdById: jsmith

Find actions that contain parts of the user ID

action.createdById: "jsmith"

Find actions that match exact value

action.createdById: `jsmith`

action.updatedBy

Use quotes or backticks within values to find actions updated by a certain
user.

Examples

Find actions updated by user

action.updatedBy: Joe Smith

Find actions that contain parts of the user name

action.updatedBy: "Joe Smith"

Find actions that match exact value

action.updatedBy: `Joe Smith`

action.updatedById

Use quotes or backticks within values to find actions updated by a certain
user ID.

Examples

Find actions updated by user ID

action.updatedById: jsmith

Find actions that contain parts of the user ID

action.updatedById: "jsmith"

Find actions that match exact value

action.updatedById: `jsmith`

action.active

Use an Integer value ##### to find actions with certain number of active
rules.

Examples

Find action with 3 active rules

action.active : 3

Find action with more than 3 active rules

action.active > 3

action.disabled

Use an Integer value ##### to find actions with certain number of disabled
rules.

Examples

Find action with 3 disabled rules

action.disabled : 3

Find action with more than 5 disabled rules

action.disabled > 3

action.createdDate

Use a date range or specific date to find when actions were created.

Examples

Show actions created within certain dates

action.createdDate: [2018-02-01 ... 2018-02-12]

Show actions created starting 2018-02-01, ending 1 month ago

action.createdDate: [2018-02-01 ... now-1M]

Show actions created starting 2 weeks ago, ending 1 second ago

action.createdDate: [now-2w ... now-1s]

Show actions created on certain date

action.createdDate: '2018-02-22'

action.updatedDate

Use a date range or specific date to find when actions were last modified.

Examples

Show actions updated within certain dates

action.updatedDate: [2018-02-01 ... 2018-02-12]

Show actions updated starting 2018-02-01, ending 1 month ago

action.updatedDate: [2018-02-01 ... now-1M]

Show actions updated starting 2 weeks ago, ending 1 second ago

action.updatedDate: [now-2w ... now-1s]

Show actions updated on certain date

action.updatedDate: '2018-02-22'


action.emailRecipient

Use quotes or backticks within values to find actions with certain email
recipients.

Examples

Find actions with email recipient

action.emailRecipient: secops-alert@mycompany.com

Find actions that contain parts of the email recipient

action.emailRecipient: "secops-alert@mycompany.com"

Find actions that match exact value

action.emailRecipient: `secops-alert@mycompany.com`

action.subject

Use quotes or backticks within values to find actions with certain text in the
subject (email or pagerduty subject).

Examples

Find actions with subject

action.subject: warning

Find actions that contain parts of the subject

action.subject: "warning"

Find actions that match exact value

action.subject: `warning`

action.slackChannel

Use quotes or backticks within values to find actions with certain slack
channel name.

Examples

Find actions with slack channel

action.slackChannel: Sec Ops

Find actions that contain parts of the slack channel name

action.slackChannel: "Sec Ops"

Find actions that match exact value

action.slackChannel: `Sec Ops`

action.slackWebhookUri

Use quotes or backticks within values to find actions with certain Slack
Webhook URI.

Examples

Find actions with Slack Webhook URI

action.slackWebhookUri: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX

Find actions that contain parts of the Slack Webhook URI

action.slackWebhookUri: "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"

Find actions that match exact value

action.slackWebhookUri: `https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX`

action.pagerdutyServiceKey

Use quotes or backticks within values to find actions with certain pagerduty
service key.

Examples

Find actions with pagerduty service key

action.pagerdutyServiceKey: 78c52868deb562fcbad765275da

Find actions that contain parts of the pagerduty service key

action.pagerdutyServiceKey: "78c52868deb562fcbad765275da"

Find actions that match exact value

action.pagerdutyServiceKey: `78c52868deb562fcbad765275da`
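
Added example (not part of the Qualys documentation): a Python helper that builds text filters in the three forms listed above (plain, quoted, backtick) and date-range filters, then URL-encodes the result into an /rest/v1/actions request so user-supplied values cannot add or override query parameters. The function names, the host qualys.example and the choice to reject values containing a quote or backtick are assumptions; the reference documents no escape syntax.

```python
import re
from datetime import datetime
from urllib.parse import quote, urlencode, urlsplit

# Filter names copied from the reference above, grouped by the value they take.
TEXT_FIELDS = {
    "action.name", "action.description", "action.createdBy",
    "action.createdById", "action.updatedBy", "action.updatedById",
    "action.emailRecipient", "action.subject", "action.slackChannel",
}
DATE_FIELDS = {"action.createdDate", "action.updatedDate"}

# Wrapping characters for the three forms the reference shows for text values.
DELIMITERS = {"plain": "", "contains": '"', "exact": "`"}

# Relative dates: only the units that appear in the reference (s, w, M).
RELATIVE_DATE = re.compile(r"now(-\d+[swM])?")
ABSOLUTE_DATE = re.compile(r"\d{4}-\d{2}-\d{2}")


def text_token(field, value, match="plain"):
    """Return 'field: value' in plain, "contains" or `exact` form."""
    if field not in TEXT_FIELDS:
        raise ValueError(f"not a text filter: {field}")
    if match not in DELIMITERS:
        raise ValueError(f"unknown match mode: {match}")
    # Assumption: no escape syntax is documented, so a value that carries a
    # delimiter or a control character is refused instead of being escaped.
    if not value or any(ch in '"`' or ord(ch) < 32 for ch in value):
        raise ValueError("empty value, or quote/backtick/control character")
    delim = DELIMITERS[match]
    return f"{field}: {delim}{value}{delim}"


def _date_bound(text):
    """Accept YYYY-MM-DD (a real calendar date) or now-<n><unit>."""
    if RELATIVE_DATE.fullmatch(text):
        return text
    if not ABSOLUTE_DATE.fullmatch(text):
        raise ValueError(f"bad date bound: {text!r}")
    datetime.strptime(text, "%Y-%m-%d")  # raises ValueError for 2018-02-30
    return text


def date_range_token(field, start, end):
    """Return 'field: [start ... end]' as shown for createdDate/updatedDate."""
    if field not in DATE_FIELDS:
        raise ValueError(f"not a date filter: {field}")
    return f"{field}: [{_date_bound(start)} ... {_date_bound(end)}]"


def actions_url(base_url, filter_token, page_no=1, page_size=50,
                sort_order="asc"):
    """Build the listing URL; every parameter value is percent-encoded."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must look like https://<QualysURL>")
    if sort_order not in ("asc", "desc"):
        raise ValueError("sortOrder must be asc or desc")
    query = urlencode(
        {
            "filter": filter_token,
            "pageNo": int(page_no),
            "pageSize": int(page_size),
            "sortOrder": sort_order,
        },
        quote_via=quote,  # %20 for spaces instead of '+'
    )
    return f"https://{parts.netloc}/cloudview-api/rest/v1/actions?{query}"


if __name__ == "__main__":
    token = text_token("action.createdBy", "Joe Smith", "contains")
    print(actions_url("https://qualys.example", token))
    print(date_range_token("action.createdDate", "2018-02-01", "now-1M"))
```

Send the resulting URL with certificate verification left on; the helper only builds the string and makes no network call.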
Response Notifications

We support the following actions for the Response Notifications API:

Get Activities

Get Activities by Id

Get Activities
/rest/v1/activities
[GET]

You can get the list of activities using this API. You can view the activities for
a particular cloud provider.

Input Parameters

Parameter Description

cloudType (mandatory) Select the cloud provider from AWS,
Azure, or GCP.

filter Form the search query using the filters we provide to
refine the search for actions.

Filters supported:

ruleName
rule.description
status
statusDate
aggregate
createdBy
createdById
action.name
action.type
action.message
action.subject
action.emailRecipient
action.slackChannel

For detailed information on filters, see the Reference:
Action Filters.

pageNo (integer) The page to be returned.

pageSize (integer) The number of records per page to be
included in the response.

sortField Specify the field that decides the sort order for the
actions.

sortOrder {asc|desc} Specify if the sorting needs to be ascending or
descending order.


Sample - Get the list of actions

Let us get the actions that are created by a specific user.

API request

curl -X GET --header 'Accept: application/json' --header \
'Authorization: Basic dXNlcmShbWU6cGFzc3dvcmQK==' \
'https://<QualysURL>/cloudview-api/rest/v1/actions?filter=action.createdBy%3Duser_john&pageNo=1&pageSize=50&sortOrder=asc'

Response

{
  "id": "24278970-725c-11ea-9959-f36a27b72f5a",
  "name": "string12345",
  "description": "Sample Pager",
  "actionType": "pagerduty",
  "createdBy": "John Doe",
  "createdById": "user_john",
  "updatedBy": "John Doe",
  "updatedById": "user_john",
  "created": "2020-03-30T07:57:45.735+0000",
  "updated": "2020-03-30T08:07:35.896+0000",
  "alert": "Qualys CloudView: Cloud Security Assessment
Alerts\n\n${control.criticality} Severity Control Failure Detected for
CID ${cid}\n\n*Affected
Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type
}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provid
er.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\
tgroupName: ${accountGroup}\n\n*Evaluation
Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyN
ame:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\
t\tfirstEvaluated:${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated
}\n\n*Results*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingN
ame:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nYours
Sincerely,\nQualys Support Team\n\n\nFor any assistance, please
contact our customer support team.",
  "subject": "Sample Pager Action",
  "pagerdutyServiceKey": "c391356a9d7d4c6b8a0257ff91cc3842",
  "pagerdutyEventType": "trigger",
  "activeRules": 0,
  "disabledRules": 0
},
{
  "id": "36bc5690-6dcc-11ea-97c4-57de4ff3eb79",
  "name": "Azure Action",
  "description": "Azure Action",
  "actionType": "qemail",
  "createdBy": "John Doe",
  "createdById": "user_john",
  "updatedBy": "John Doe",
  "updatedById": "user_john",
  "created": "2020-03-24T12:37:24.729+0000",
  "updated": "2020-03-24T12:37:24.729+0000",
  "alert": "Qualys CloudView: Cloud Security Assessment
Alerts\n\n${control.criticality} Severity Control Failure Detected for
CID ${cid}\n\n*Affected
Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type
}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provid
er.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\
tgroupName: ${accountGroup}\n\n*Evaluation
Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyN
ame:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\
t\tfirstEvaluated:${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated
}\n\n*Results*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingN
ame:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nYours
Sincerely,\nQualys Support Team\n\n\nFor any assistance, please
contact our customer support team.",
  "subject": "Azure CV Test",
  "smtpHost": "mta01.eng.abc01.example.com",
  "smtpPort": 25,
  "emailRecipients": [
    "abc@example.com"
  ],
  "emailFromAddress": "noreply@example.com",
  "emailReplyTo": "noreply@example.com",
  "activeRules": 0,
  "disabledRules": 0
},
{
  "id": "1f695df0-6da2-11ea-8910-77b847f40d61",
  "name": "Sample Slack",
  "description": "Sample Slack decription",
  "actionType": "slack",
  "createdBy": "John Doe",
  "createdById": "user_john",
  "updatedBy": "John Doe",
  "updatedById": "user_john",
  "created": "2020-03-24T07:36:06.735+0000",
  "updated": "2020-03-30T07:54:43.371+0000",
  "alert": "Qualys CloudView: Cloud Security Assessment
Alerts\n\n*${control.criticality} Severity Control Failure Detected
for CID ${cid}*\n\n*Affected
Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type
}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provid
er.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\
n*Evaluation
Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyN
ame:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\
t\tfirstEvaluated:
${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\t
result:
${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\
tactualValue: ${evidences.value}\n\nYours Sincerely,\nQualys Support
Team\n\n\nFor any assistance, please contact our
<mailto:support@qualys.com | customer support team.>",
  "slackWebhookUri": "https://hooks.slack.com/services/T95RLRTSL/BRD8PBJ@6/oxQZYxmrBEIex6MhOR6mMmpl",
  "slackChannel": "Sample-slack",
  "activeRules": 1,
  "disabledRules": 0
}
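
Added example (not part of the Qualys documentation): the listing above returns pagerdutyServiceKey and slackWebhookUri in clear text, so a script that logs or stores the response should mask them first; this Python sketch does that and flags actions worth a second look. The sample records are constructed from the field names in the response above, and the function names, the masking format and the expected webhook host are assumptions.

```python
import copy
from urllib.parse import urlsplit

# Assumption: Slack webhooks are expected on this host, as in the page's samples.
EXPECTED_SLACK_HOST = "hooks.slack.com"

# Constructed sample shaped like the listing response (all values are made up).
SAMPLE_ACTIONS = [
    {"id": "00000000-0000-0000-0000-000000000001", "name": "Pager",
     "actionType": "pagerduty",
     "pagerdutyServiceKey": "0123456789abcdef0123456789abcdef",
     "activeRules": 0, "disabledRules": 0},
    {"id": "00000000-0000-0000-0000-000000000002", "name": "Mail",
     "actionType": "qemail", "emailRecipients": ["abc@example.com"],
     "activeRules": 2, "disabledRules": 1},
    {"id": "00000000-0000-0000-0000-000000000003", "name": "Slack",
     "actionType": "slack", "slackChannel": "Sample-slack",
     "slackWebhookUri": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
     "activeRules": 1, "disabledRules": 0},
    {"id": "00000000-0000-0000-0000-000000000004", "name": "Slack old",
     "actionType": "slack", "slackChannel": "Sample-slack",
     "slackWebhookUri": "http://hooks.example.net/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
     "activeRules": 1, "disabledRules": 0},
]


def mask_secret(value, keep=4):
    """Mask all but the last `keep` characters so keys stay distinguishable."""
    value = str(value)
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def mask_webhook(uri):
    """Keep scheme and host for triage; the path is the secret part."""
    parts = urlsplit(uri)
    return f"{parts.scheme}://{parts.hostname or '?'}/<redacted>"


def redact_action(action):
    """Return a copy of one action object that is safe to log."""
    safe = copy.deepcopy(action)
    if safe.get("pagerdutyServiceKey"):
        safe["pagerdutyServiceKey"] = mask_secret(safe["pagerdutyServiceKey"])
    if safe.get("slackWebhookUri"):
        safe["slackWebhookUri"] = mask_webhook(safe["slackWebhookUri"])
    return safe


def review_action(action):
    """List findings for one action; an empty list means nothing to report."""
    findings = []
    if action.get("actionType") == "slack":
        parts = urlsplit(action.get("slackWebhookUri") or "")
        if parts.scheme != "https":
            findings.append("webhook is not https")
        if parts.hostname != EXPECTED_SLACK_HOST:
            findings.append("webhook host is not " + EXPECTED_SLACK_HOST)
    # A stored credential that no rule uses can be removed.
    if action.get("activeRules", 0) == 0 and action.get("disabledRules", 0) == 0:
        findings.append("not referenced by any rule")
    return findings


def audit(actions):
    """Pair each redacted action with its findings."""
    return [
        {"id": a.get("id"), "findings": review_action(a), "redacted": redact_action(a)}
        for a in actions
    ]


if __name__ == "__main__":
    for row in audit(SAMPLE_ACTIONS):
        print(row["id"], row["redacted"].get("name"), row["findings"])
```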
Get Activities by Id
/rest/v1/activities/{activityId}
[GET]

You can get the list of activities using this API. You can search for activities
using filters based on criteria you want.

Input Parameters

Parameter Description

activityId (mandatory) (integer) Specify the action ID of an
activity in the user’s scope.

Sample - Get activity details using the activity Id

Let us fetch details of a Slack action using the action Id.

API request

curl -k -X GET -u <username>:<password> \
'https://<QualysURL>/cloudview-api/rest/v1/activities/72652f80-702b-11ea-80dd-7d15cdc80752'

Response

{
  "actionId": "1f695df0-6da2-11ea-8910-77b847f40d61",
  "actionName": "Sample Slack Action",
  "actionType": "slack",
  "aggregate": true,
  "alert": "Qualys CloudView: Cloud Security Assessment
Alerts\n\n*MEDIUM Severity Control Failure Detected for CID
99*\n\n*Affected Resource*\n\tresourceId:arn:aws:lambda:us-east-
1:205767712438:function:getEntitlementLambdaEast\n\tresourceType:LAMBD
A\n\tservice:LAMBDA\n\tregion:us-east-
1\n\tcloudType:AWS\n\taccountId:205767712438\n\tconnectorId:f8c3b440-
4eaf-11ea-bfef-0dd8ca3bcd2e\n\n*Evaluation
Summary*\n\tcontrolName:Ensure that Multiple Triggers are not
configured in $Latest Lambda
Function\n\tcontrolId:99\n\tpolicyName:AWS Lambda Best Practices
Policy\n\tevaluatedOn:1585314208935\n\tevaluationDates:\n\t\tfirstEval
uated:
1581636116942\n\t\tlastEvaluated:1585314208935\n\n*Results*\n\tresult:
FAIL\n\tevidences:\n\t\tsettingName:[Total Triggers , Multiple
Triggers, Function Arn, Function Name, Role Arn]\n\t\tactualValue: [2,
Yes, arn:aws:lambda:us-east-
1:205767712438:function:getEntitlementLambdaEast,
getEntitlementLambdaEast,
arn:aws:iam::205767712438:role/BizApps_Lambda_Role]\n\nYours
Sincerely,\nQualys Support Team\n\n\nFor any assistance, please
contact our <mailto:support@qualys.com | customer support team.>",
  "createdBy": "John Doe",
  "createdById": "user_john",
  "cloudType": "AWS",
  "emailRecipients": [],
  "id": "72652f80-702b-11ea-80dd-7d15cdc80752",
  "ruleDescription": "Slack 1",
  "ruleId": "3dfc5050-7028-11ea-beeb-3fad76b6f6b5",
  "ruleName": "slack 01 aws",
  "slackChannel": "Sample-slack-channel",
  "status": "SUCCESS",
  "statusDate": 1585314249790,
  "isRuleDeleted": false
}
Reference: Notification Filters

action.message

ruleName

Use quotes or backticks within values to find rules with certain name.

Examples

Find rules with name

ruleName: my first rule

Find rules that contain parts of the name

ruleName: "my first rule"

Find rules that match exact value

ruleName: `my first rule`

ruleDescription

Use quotes or backticks within values to find rules with certain description.

Examples

Find rules with description

ruleDescription: this rule is used for alerting

Find rules that contain parts of the description

ruleDescription: "this rule is used for alerting"

Find rules that match exact value

ruleDescription: `this rule is used for alerting`

status

Use a text value ##### to find rules with certain status (Success, Retrying or
Error).

Example

Find rules with status

status: SUCCESS


statusDate

Use a date range or specific date to find when the rule status was last modified
from one status to another (e.g. from Error to Success).

Examples

Show rule status modified within certain dates

statusDate: [2018-02-01 ... 2018-02-12]

Show rule status modified starting 2018-02-01, ending 1 month ago

statusDate: [2018-02-01 ... now-1M]

Show rule status modified starting 2 weeks ago, ending 1 second ago

statusDate: [now-2w ... now-1s]

Show rule status modified on certain date

statusDate: '2018-02-22'

aggregate

Use the values true | false to find rules configured to aggregate multiple
matches into a single output.

Example

Show aggregated rules

aggregate: TRUE

createdBy

Use quotes or backticks within values to find rules created by a certain user.

Examples

Find rules created by user

createdBy: Joe Smith

Find rules that contain parts of the user name

createdBy: "Joe Smith"

Find rules that match exact value

createdBy: `Joe Smith`

createdById

Use quotes or backticks within values to find rules created by a certain user
ID.

Examples

Find rules created by user ID

createdById: jsmith

Find rules that contain parts of the user ID

createdById: "jsmith"

Find rules that match exact value

createdById: `jsmith`


action.name

Use quotes or backticks within values to find actions with certain name.

Examples

Find actions with name

action.name: Post to Slack Channel

Find actions that contain parts of the name

action.name: "Post to Slack Channel"

Find actions that match exact value

action.name: `Post to Slack Channel`

action.type

Use a text value ##### to find actions with certain type (Email, slack or
pagerduty).

Example

Find actions of type

action.type: SLACK

action.message

Use quotes or backticks within values to find rules with certain text in the
message (email, slack or pagerduty messages).

Examples

Find rules with message

action.message: to operations team

Find rules that contain parts of the message

action.message: "to operations team"

Find rules that match exact value

action.message: `to operations team`

action.emailRecipient

Use quotes or backticks within values to find actions with certain email
recipients.

Examples

Find actions with email recipient

action.emailRecipient: secops-alert@mycompany.com

Find actions that contain parts of the email recipient

action.emailRecipient: "secops-alert@mycompany.com"

Find actions that match exact value

action.emailRecipient: `secops-alert@mycompany.com`

action.subject

Use quotes or backticks within values to find actions with certain text in the
subject (email or pagerduty subject).

Examples

Find actions with subject

action.subject: warning

Find actions that contain parts of the subject

action.subject: "warning"

Find actions that match exact value

action.subject: `warning`

action.slackChannel

Use quotes or backticks within values to find actions with certain slack
channel name.

Examples

Find actions with slack channel

action.slackChannel: Sec Ops

Find actions that contain parts of the slack channel name

action.slackChannel: "Sec Ops"

Find actions that match exact value

action.slackChannel: `Sec Ops`
Response Rules

We provide APIs to create a rule, update a rule, delete a rule, enable or disable
rules. Before you proceed with creation of rules, ensure that you have
pre-defined actions for the rule.


Get Rules 


Get Rules by Id 


Create Rules 


Update Rules 


Delete Rules 


Disable Rules 


Enable Rules 
Get Rules
/rest/v1/rules
[GET]

You can get the list of rules using this API. You can search for rules for a cloud
provider using filters we support.

Input Parameters

Parameter Description

cloudType (mandatory) Select the cloud provider from AWS,
Azure, or GCP.

filter Form the search query using the filters we provide to
refine the search for rules.

Filters supported:

ruleName
rule.description
trigger
ruleQuery
createdBy
createdById
updatedBy
updatedById
ruleState
createdDate
updatedDate
lastRun
aggregate
aggregationGroup
action.message
action.subject
action.slackChannel
action.emailRecipient
action.type
action.name

For detailed information on filters, see the Reference:
Action Filters.

pageNo (integer) The page to be returned.

pageSize (integer) The number of records per page to be
included in the response.

sortField Specify the field that decides the sort order for the
rules.

sortOrder {asc|desc} Specify if the sorting needs to be ascending or
descending order.

Sample - Get the list of rules

Let us get the rules for simple_alerts rule type for AWS cloud provider.

API request

curl -X GET --header 'Accept: application/json' --header \
'Authorization: Basic dXNlcmShbWU6cGFzc3dvcmQK==' \
'https://<QualysURL>/cloudview-api/rest/v1/rules?cloudType=AWS&pageNo=1&pageSize=50&ruleType=simple_alert&sortOrder=asc'


Response

[
  {
    "id": "3dfc5050-7028-11ea-beeb-3fad76b6f6b5",
    "cloudType": "AWS",
    "ruleType": "simple_alert",
    "name": "slack 01 aws",
    "description": "Slack 1",
    "qql": "cid:99 and account.id:XXXXXXXXXXXXand control.result:FAIL",
    "aggregate": false,
    "actions": [
      {
        "id": "1f695df0-6da2-11ea-8910-77b847f40d61",
        "actionType": "slack",
        "name": "slack cv public api",
        "subject": null,
        "alert": "Qualys CloudView: Cloud Security Assessment
Alerts\n\n*${control.criticality} Severity Control Failure Detected
for CID ${cid}*\n\n*Affected
Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type
}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provid
er.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\
n*Evaluation
Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyN
ame:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\
t\tfirstEvaluated:
${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\t
result:
${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\
tactualValue: ${evidences.value}\n\nYours Sincerely,\nQualys Support
Team\n\n\nFor any assistance, please contact our
<mailto:support@qualys.com | customer support team.>",
        "emailRecipients": null,
        "slackChannel": "Sample-slack",
        "subjectParameters": [],
        "bodyParameters": []
      }
    ],
    "created": "2020-03-27T12:41:12.917+0000",
    "createdBy": "John Doe",
    "createdById": "user_john",
    "updated": "2020-03-27T12:41:12.917+0000",
    "updatedBy": "John Doe",
    "updatedById": "user_john",
    "lastRun": "2020-04-29T05:39:32.974+0000",
    "ruleState": "DISABLED",
    "durationHour": 0,
    "fromHourInUTC": 0,
    "fromMinuteInUTC": 0
  },
  {
    "id": "368fea00-702a-11ea-beeb-3fad76b6f6b5",
    "cloudType": "AWS",
    "ruleType": "time_window_schedule_alert",
    "days": [1, 2, 3, 4, 5, 6, 7],
    "name": "time window",
    "description": "Time",
    "qql": "cid:98 and accountGroup:Sample and control.result:FAIL",
    "aggregate": true,
    "aggregationKey": "account.id",
    "actions": [
      {
        "id": "2a8bda80-7029-11ea-beeb-3fad76b6f6b5",
        "actionType": "qemail",
        "name": "Time email",
        "subject": "Time window",
        "alert": "Qualys CloudView: Cloud Security Assessment
Alerts\n\n${control.criticality} Severity Control Failure Detected for
CID ${cid}\n\n*Affected
Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type
}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provid
er.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\
tgroupName: ${accountGroup}\n\n*Evaluation
Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyN
ame:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\
t\tfirstEvaluated:${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated
}\n\n*Results*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingN
ame:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nYours
Sincerely,\nQualys Support Team\n\n\nFor any assistance, please
contact our customer support team.",
        "emailRecipients": [
          "abc@example.com"
        ],
        "slackChannel": null,
        "subjectParameters": [],
        "bodyParameters": []
      }
    ],
    "created": "2020-03-27T12:55:19.456+0000",
    "createdBy": "John Doe",
    "createdById": "user_john",
    "updated": "2020-03-27T12:55:19.456+0000",
    "updatedBy": "John Doe",
    "updatedById": "user_john",
    "lastRun": "2020-03-27T14:00:00.163+0000",
    "ruleState": "DISABLED",
    "durationHour": 3600000,
    "fromHourInUTC": 13,
    "fromMinuteInUTC": 0
  },
  {
    "id": "12ec9a00-7028-11ea-beeb-3fad76b6f6b5",
    "cloudType": "AWS",
    "ruleType": "simple_alert",
    "name": "test01 aws",
    "description": "Testi",
    "qql": "cid:100 and account.id:XXXXXXXXXXXXand control.result:FAIL
and firstEvaluated:[now-1M .. now]",
    "aggregate": false,
    "actions": [
      {
        "id": "#913b4a0-6d9e-11ea-97c4-57de4ff3eb79",
        "actionType": "qemail",
        "name": "Public API",
        "subject": "Public API testing",
        "alert": "Qualys CloudView: Cloud Security Assessment
Alerts\n\n${control.criticality} Severity Control Failure Detected for
CID ${cid}\n\n*Affected
Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type
}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provid
er.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\
tgroupName: ${accountGroup}\n\n*Evaluation
Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyN
ame:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\
t\tfirstEvaluated:${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated
}\n\n*Results*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingN
ame:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nYours
Sincerely,\nQualys Support Team\n\n\nFor any assistance, please
contact our customer support team.",
        "emailRecipients": [
          "abc@example.com"
        ],
        "slackChannel": null,
        "subjectParameters": [],
        "bodyParameters": []
      }
    ],
    "created": "2020-03-27T12:40:00.672+0000",
    "createdBy": "John Doe",
    "createdById": "user_john",
    "updated": "2020-03-27T12:40:00.672+0000",
    "updatedBy": "John Doe",
    "updatedById": "user_john",
    "lastRun": "2020-03-27T13:04:03.135+0000",
    "ruleState": "DISABLED",
    "durationHour": 0,
    "fromHourInUTC": 0,
    "fromMinuteInUTC": 0
  },
  {
    "id": "dcf05f80-8ad1-11ea-9f4c-35b43d39dafc",
    "cloudType": "AWS",
    "ruleType": "simple_alert",
    "name": "slack New template rule 01",
    "description": "slack New Template",
    "qql": "cid:99 and account.id:XXXXXXXXXXXXand control.result:FAIL",
    "aggregate": false,
    "actions": [
      {
        "id": "S1cba540-8ad1-11ea-9f4c-35b43d39dafc",
        "actionType": "slack",
        "name": "slack new template",
        "subject": null,
        "alert": "Qualys CloudView: Cloud Security Assessment
Alerts\n\nAn assessment failure has been identified for resource
\"${resource.id}\" and control \"${cid}\" in your Qualys
subscription.\n\n*Impacted
Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type
}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provid
er.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\
tgroupName: ${accountGroup}\n\n*Evaluation
Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyN
ame:${policyName}\n\tevaluatedOn:${evaluatedOnDateFormat}\n\tevaluatio
nDates:\n\t\tfirstEvaluated:${firstEvaluatedDateFormat}\n\t\tlastEvalu
ated:${lastEvaluatedDateFormat}\n\n*Evidence*\n\tresult:${control.resu
lt}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue:$
{evidences.value}\n\nUse this information here to investigate the
failure and take appropriate actions to fix it.",
        "emailRecipients": null,
        "slackChannel": "Sample-slack",
        "subjectParameters": [],
        "bodyParameters": []
      }
    ],
    "created": "2020-04-30T11:00:54.776+0000",
    "createdBy": "John Doe",
    "createdById": "user_john",
    "updated": "2020-04-30T11:00:54.776+0000",
    "updatedBy": "John Doe",
    "updatedById": "user_john",
    "lastRun": "2020-04-30T11:10:36.749+0000",
    "ruleState": "ENABLED",
    "durationHour": 0,
    "fromHourInUTC": 0,
    "fromMinuteInUTC": 0
  }
]
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Get Rules by Id 
/rest/v1/rules/{ruleld} 


[GET] 


Specify the rule ID and fetch rule details. 


Input Parameters 


Parameter Description 


ruleld (mandatory) (integer) Specify the ID of rule in the 
user’s scope. 


Sample - Get rule details using the rule Id 


Let us get the rules for simple_alerts rule type for AWS cloud provider. 


API request 


curl -X GET --header 'Accept: application/json' \
  --header 'Authorization: Basic dXNlcmShbWU6cGFzc3dvcmQK==' \
  'https://<QualysURL>/cloudview-api/rest/v1/rules/368fea00-702a-11ea-beeb-3fad76b6f6b5'


Response 


{
  "id": "368fea00-702a-11ea-beeb-3fad76b6f6b5",
  "cloudType": "AWS",
  "ruleType": "time_window_schedule_alert",
  "days": [1, 2, 3, 4, 5, 6, 7],
  "name": "time window",
  "description": "Time",
  "qql": "cid:98 and accountGroup:sampleaccount and control.result:FAIL",
  "aggregate": true,
  "aggregationKey": "account.id",
  "actions": [
    {
      "id": "2a8bda80-7029-11ea-beeb-3fad76b6f6b5",
      "actionType": "qemail",
      "name": "Time email",
      "subject": "Time window",
      "alert": "Qualys CloudView: Cloud Security Assessment Alerts\n\n${control.criticality} Severity Control Failure Detected for CID ${cid}\n\n*Affected Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provider.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\tgroupName:${accountGroup}\n\n*Evaluation Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyName:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\t\tfirstEvaluated:${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nYours Sincerely,\nQualys Support Team\n\n\nFor any assistance, please contact our customer support team.",
      "emailRecipients": [
        "abc@example.com"
      ],
      "slackChannel": null,
      "subjectParameters": [],
      "bodyParameters": []
    }
  ],
  "created": "2020-03-27T12:55:19.456+0000",
  "createdBy": "John Doe",
  "createdById": "user_john",
  "updated": "2020-03-27T12:55:19.456+0000",
  "updatedBy": "John Doe",
  "updatedById": "user_john",
  "ruleState": "ENABLED",
  "durationHour": 3600000,
  "fromHourInUTC": 13,
  "fromMinuteInUTC": 0
}
/rest/v1/rules


[POST]


You can create a rule and specify the criteria under which an alert is generated
through the actions you define. In the request body, specify the details
required to create the rule, such as actionId, actionType, emailRecipients,
emailSubject, and so on.


Input Parameters 


Parameter    Description

cloudType    (mandatory) Select the cloud provider from AWS,
             Azure, or GCP.

ruleType     Select the rule type: simple_alert or
             time_window_schedule_alert. Depending on the rule
             type you select, the elements in the ruleBody are
             different.

             simple_alert: For the simple_alert rule type, the
             parameters below are optional.

               aggregate
               aggregationKey
               durationHour
               fromHourInUTC
               fromMinuteInUTC

             time_window_schedule_alert: For the
             time_window_schedule_alert rule type, you need to
             provide all the parameters.

ruleBody     (body) Specify the different elements needed in the
             request body for a rule. Refer to the following example
             for exact syntax.


{
  "actionRequests": [
    {
      "actionId": "string",
      "actionType": "qemail",
      "emailRecipients": [
        "string"
      ],
      "emailSubject": "string",
      "pagerSubjectLine": "string",
      "slackChannel": "string"
    }
  ],
  "aggregate": true,
  "aggregationKey": "string",
  "description": "string",
  "durationHour": 0,
  "fromHourInUTC": 0,
  "fromMinuteInUTC": 0,
  "name": "string",
  "qql": "string"
}

Where,

actionId: ID of the action you have defined.

actionType: type of the action to be implemented:
qemail, pagerduty, or slack.

emailRecipients: valid email ID of the recipients to
whom the alert should be sent. You can provide
multiple email IDs separated by comma.

Depending on the application mode you choose to
send alerts, you may define one or more of the following
elements:

emailSubject: subject of the email action

pagerSubjectLine: subject for alert using PagerDuty
application

slackChannel: name of the channel to access Slack
application


Sample - Create a rule using Slack application

API request

curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/rules?cloudType=AWS&ruleType=time_window_schedule_alert'

Request POST Data

{
  "actionRequests": [
    {
      "actionId": "b2af9830-5dfe-11ea-b157-8ba65cd99c15",
      "actionType": "slack"
    }
  ],
  "aggregate": true,
  "aggregationKey": "region",
  "description": "Slack Public API Rule",
  "durationHour": 0,
  "fromHourInUTC": 0,
  "fromMinuteInUTC": 0,
  "name": "Slack Api",
  "qql": "cid:99 and account.id:XXXXXXXXXXXX and control.result:FAIL and firstEvaluated:[now-4M .. now]"
}

Response

{
  "success": "5ac209e0-9966-11e8-ab43-6187ace8f6e8"
}
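
The parameter table above makes the window and aggregation fields optional for simple_alert and mandatory for time_window_schedule_alert. The following pre-flight check is an added example, not Qualys code; the function name, the treatment of the remaining template keys as always required, and the 0-23 / 0-59 range checks are assumptions.

```python
RULE_TYPES = ("simple_alert", "time_window_schedule_alert")
CLOUD_TYPES = ("AWS", "AZURE", "GCP")
ACTION_TYPES = ("qemail", "pagerduty", "slack")

# Optional for simple_alert, required for time_window_schedule_alert.
WINDOW_KEYS = ("aggregate", "aggregationKey", "durationHour",
               "fromHourInUTC", "fromMinuteInUTC")
# Assumption: the other keys of the request body template are always required.
BASE_KEYS = ("actionRequests", "name", "description", "qql")

# Request body from the Slack sample on this page.
SLACK_RULE = {
    "actionRequests": [
        {"actionId": "b2af9830-5dfe-11ea-b157-8ba65cd99c15", "actionType": "slack"}
    ],
    "aggregate": True,
    "aggregationKey": "region",
    "description": "Slack Public API Rule",
    "durationHour": 0,
    "fromHourInUTC": 0,
    "fromMinuteInUTC": 0,
    "name": "Slack Api",
    "qql": "cid:99 and account.id:XXXXXXXXXXXX and control.result:FAIL "
           "and firstEvaluated:[now-4M .. now]",
}


def check_rule_request(cloud_type, rule_type, body):
    """Return a list of problems; an empty list means the request is consistent."""
    problems = []
    if str(cloud_type).upper() not in CLOUD_TYPES:
        problems.append(f"cloudType {cloud_type!r} is not AWS, Azure or GCP")
    if rule_type not in RULE_TYPES:
        problems.append(f"ruleType {rule_type!r} is not a known rule type")

    required = BASE_KEYS
    if rule_type == "time_window_schedule_alert":
        required = BASE_KEYS + WINDOW_KEYS
    for key in required:
        if body.get(key) is None:
            problems.append(f"{key} is required for {rule_type}")

    # Range checks apply whenever the window fields are present (assumed bounds).
    for key, upper in (("fromHourInUTC", 23), ("fromMinuteInUTC", 59)):
        value = body.get(key)
        if value is None:
            continue
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if not (is_int and 0 <= value <= upper):
            problems.append(f"{key} must be an integer between 0 and {upper}")
    if "aggregate" in body and not isinstance(body["aggregate"], bool):
        problems.append("aggregate must be true or false")

    actions = body.get("actionRequests") or []
    if "actionRequests" in body and not actions:
        problems.append("actionRequests must list at least one action")
    for i, action in enumerate(actions):
        if not action.get("actionId"):
            problems.append(f"actionRequests[{i}] has no actionId")
        if action.get("actionType") not in ACTION_TYPES:
            allowed = ", ".join(ACTION_TYPES)
            problems.append(f"actionRequests[{i}] actionType must be one of {allowed}")
    return problems
```

Running the check before the POST catches a time-window rule that silently lacks its schedule fields, which would otherwise only surface as an API error or a rule that never alerts.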
Update Rules
/rest/v1/rules/{ruleId}
[PUT]


You can update rules. In the request body, specify the details required to
update a rule, such as the action ID, action name, action description, the
recipients the email should be sent to, and so on.


Input Parameters


Parameter    Description

ruleId       (mandatory) (integer) Specify the ID of the rule in the
             user's scope.

ruleBody     (body) Specify the different elements needed in the
             request body for a rule. Refer to the following example
             for exact syntax.

{
  "actionRequests": [
    {
      "actionId": "string",
      "actionType": "qemail",
      "emailRecipients": [
        "string"
      ],
      "emailSubject": "string",
      "pagerSubjectLine": "string",
      "slackChannel": "string"
    }
  ],
  "aggregate": true,
  "aggregationKey": "string",
  "description": "string",
  "durationHour": 0,
  "fromHourInUTC": 0,
  "fromMinuteInUTC": 0,
  "name": "string",
  "qql": "string"
}
Where,

actionId: ID of the action you have defined.

actionType: type of the action to be implemented:
qemail, pagerduty, or slack.

emailRecipients: valid email ID of the recipients to
whom the alert should be sent. You can provide
multiple email IDs separated by comma.

Depending on the application mode you choose to
send alerts, you may define one or more of the following
elements:

emailSubject: subject of the email action

pagerSubjectLine: subject for alert using PagerDuty
application

slackChannel: channel name to access Slack
application


Sample - Update rules

API request

curl -k -X PUT -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/rules/1a841990-5dff-11ea-a923-6b29e6c4cbec?ruleType=simple_alert'

Request PUT Data

{
  "actionRequests": [
    {
      "actionId": "b2af9830-5dfe-11ea-b157-8ba65cd99c15",
      "actionType": "slack"
    }
  ],
  "aggregate": true,
  "aggregationKey": "region",
  "description": "Slack Public APi Rule",
  "durationHour": 0,
  "fromHourInUTC": 0,
  "fromMinuteInUTC": 6,
  "name": "Slack Api",
  "qql": "cid:99 and account.id:205767712438 and control.result:FAIL and firstEvaluated:[now-4M .. now]"
}

Response

{
  "success": "bd786210-9965-11e8-ab43-6187ace8f6e8"
}
Delete Rules
/rest/v1/rules/delete


[POST]


Specify the ID of an existing rule you want to delete and the rule gets deleted.
Ensure that the rules you want to delete are disabled. If a rule is enabled, you
cannot delete the rule.


Input Parameters


Parameter    Description

ruleIds      (Array [string]) Specify the ID of a rule to be
             deleted and the rule gets deleted. You can
             provide multiple IDs separated by comma.

             Example:
             {
               "ids": [
                 "string"
               ]
             }


Sample - Delete rules 


API request 


curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/rules/delete'


Request POST Data

{
  "ids": [
    "1a841990-5dff-11ea-a923-6b29e6c4cbec",
    "efbf4080-52dd-11ea-a008-cbe911ab6a51"
  ]
}

Response


No Content
Response Code: 200


The response returns status code 200 with the rule detail for rules that cannot be
deleted. If rules are in the enabled state, you need to disable them before deleting.


Response


{
  "efbf4080-52dd-11ea-a008-cbe911ab6a51": "Cannot delete enable rule."
}
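
Because the delete call answers 200 both when every rule is removed and when some rules are refused, a client has to read the body rather than the status code. The following is an added example, not Qualys code; the function names are hypothetical, the request body shape follows the Example above, and the partial-failure body is the sample response from this page.

```python
import json
import uuid

DISABLE_PATH = "/cloudview-api/rest/v1/rules/disable"
DELETE_PATH = "/cloudview-api/rest/v1/rules/delete"

# Sample body from this page: one rule was still enabled and was not deleted.
SAMPLE_PARTIAL_BODY = (
    '{"efbf4080-52dd-11ea-a008-cbe911ab6a51": "Cannot delete enable rule."}'
)


def ids_payload(rule_ids):
    """Build the {"ids": [...]} body, rejecting malformed IDs and dropping duplicates."""
    seen, clean = set(), []
    for rid in rule_ids:
        canonical = str(uuid.UUID(rid))  # raises ValueError on a malformed ID
        if canonical not in seen:
            seen.add(canonical)
            clean.append(canonical)
    if not clean:
        raise ValueError("no rule IDs supplied")
    return {"ids": clean}


def deletion_requests(rule_ids):
    """Enabled rules cannot be deleted, so plan a disable call before the delete call."""
    payload = ids_payload(rule_ids)
    return [("POST", DISABLE_PATH, payload), ("POST", DELETE_PATH, payload)]


def interpret_delete_response(requested_ids, status_code, body_text):
    """Split the requested IDs into (deleted, rejected).

    An empty body with status 200 means every rule was deleted. A JSON object
    with status 200 maps each rule that was NOT deleted to the reason.
    """
    if status_code != 200:
        raise RuntimeError(f"delete failed with HTTP {status_code}")
    rejected = {}
    if body_text and body_text.strip():
        parsed = json.loads(body_text)
        if not isinstance(parsed, dict):
            raise ValueError("unexpected delete response shape")
        rejected = {str(k): str(v) for k, v in parsed.items()}
    unknown = set(rejected) - set(requested_ids)
    if unknown:
        raise ValueError(f"response names rules that were not requested: {sorted(unknown)}")
    deleted = [rid for rid in requested_ids if rid not in rejected]
    return deleted, rejected
```

An automation job that treats any 200 as success would report stale alerting rules as removed; checking the rejected map keeps the rule inventory accurate.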
Disable Rules
/rest/v1/rules/disable


[POST]


Specify the ID of an existing rule you want to disable and the rule gets
disabled.


Input Parameters


Parameter    Description

ruleIds      (Array [string]) Specify the ID of a rule to be
             disabled and the rule gets disabled. You can
             provide multiple IDs separated by comma.

             Example:
             {
               "ids": [
                 "string"
               ]
             }


Sample - Disable rules


API request


curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/rules/disable'


Request POST Data

{
  "ids": [
    "1a841990-5dff-11ea-a923-6b29e6c4cbec",
    "efbf4080-52dd-11ea-a008-cbe911ab6a51"
  ]
}

Response


No Content
Response Code: 200
Enable Rules
/rest/v1/rules/enable


[POST]


Specify the ID of an existing rule you want to enable and the rule gets
enabled.


Input Parameters


Parameter    Description

ruleIds      (Array [string]) Specify the ID of a rule to be
             enabled and the rule gets enabled. You can
             provide multiple IDs separated by comma.

             Example:
             {
               "ids": [
                 "string"
               ]
             }


Sample - Enable rules


API request


curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/rules/enable'


Request POST Data

{
  "ids": [
    "1a841990-5dff-11ea-a923-6b29e6c4cbec",
    "efbf4080-52dd-11ea-a008-cbe911ab6a51"
  ]
}

Response

No Content
Response Code: 200
Reference: Rule Filters


You can form the search query using the filters we provide to refine the 
search for actions. 


ruleName 

Use quotes or backticks within values to find rules with certain name. 
Examples 

Find rules with name 

ruleName: my first rule 

Find rules that contain parts of the name 

ruleName: "my first rule" 

Find rules that match exact value 


ruleName: `my first rule`


ruleDescription 

Use quotes or backticks within values to find rules with certain description. 
Examples 

Find rules with description 

ruleDescription: this rule is used for alerting 

Find rules that contain parts of the description 

ruleDescription: "this rule is used for alerting" 

Find rules that match exact value 


ruleDescription: `this rule is used for alerting`


trigger


Use a text value ##### to find rules with a certain trigger (Single Match or
Time Window Scheduled Match).

Example
Find rules with trigger 


trigger: SINGLE MATCH 


ruleQuery 


Use quotes or backticks within values to find rules with a certain query (use 
Qualys Query Language). 


Examples 

Find rules with query 

ruleQuery: asset.score 

Find rules that contain parts of the query 
ruleQuery: "asset.score" 

Find rules that match exact value 


ruleQuery: `asset.score`


createdBy 

Use quotes or backticks within values to find rules created by a certain user. 
Examples 

Find rules created by user 

createdBy: Joe Smith 

Find rules that contain parts of the user name 

createdBy: "Joe Smith" 

Find rules that match exact value 


createdBy: `Joe Smith`


createdById


Use quotes or backticks within values to find rules created by a certain user
ID.

Examples

Find rules created by user ID

createdById: jsmith

Find rules that contain parts of the user ID

createdById: "jsmith"

Find rules that match exact value


createdById: `jsmith`


ruleState 


Use a text value ##### to find rules by a certain running state (Enabled or 
Disabled). 


Example 
Find rules with state 


ruleState: ENABLED 


createdDate 

Use a date range or specific date to find when rules were created. 
Examples 

Show rules created within certain dates 

createdDate: [2018-02-01 ... 2018-02-12] 

Show rules created starting 2018-02-01, ending 1 month ago 
createdDate: [2018-02-01 ... now-1M] 

Show rules created starting 2 weeks ago, ending 1 second ago 
createdDate: [now-2w ... now-1s] 

Show rules created on certain date 


createdDate: '2018-02-22' 
updatedDate

Use a date range or specific date to find when rules were last modified. 
Examples 

Show rules updated within certain dates 

updatedDate: [2018-02-01 ... 2018-02-12] 

Show rules updated starting 2018-02-01, ending 1 month ago 
updatedDate: [2018-02-01 ... now-1M] 

Show rules updated starting 2 weeks ago, ending 1 second ago 
updatedDate: [now-2w ... now-1s] 

Show rules updated on certain date 


updatedDate: '2018-02-22' 


lastRun 

Use a date range or specific date to find when rules were last executed. 
Examples 

Show rules last run within certain dates 

lastRun: [2018-02-01 ... 2018-02-12] 

Show rules last run starting 2018-02-01, ending 1 month ago 

lastRun: [2018-02-01 ... now-1M] 

Show rules last run starting 2 weeks ago, ending 1 second ago 

lastRun: [now-2w ... now-1s] 

Show rules last run on certain date 


lastRun: '2018-02-22' 


aggregate 
Use the values true | false to find rules configured to aggregate multiple
matches into a single output. 


Example 
Show aggregated rules 


aggregate: TRUE 


aggregationGroup 


Use quotes or backticks within values to find rules aggregated into a certain 
group. 


Examples 

Find rules with aggregation group 

aggregationGroup: hostname 

Find rules that contain parts of the aggregation group name 
aggregationGroup: "hostname" 

Find rules that match exact value 


aggregationGroup: `hostname`


action.message 


Use quotes or backticks within values to find rules with certain text in the 
message (email, slack or pagerduty messages). 


Examples 

Find rules with message 

action.message: to operations team 

Find rules that contain parts of the message 
action.message: "to operations team" 

Find rules that match exact value 


action.message: `to operations team`


action.subject


Use quotes or backticks within values to find rules with certain text in the 
subject (email or pagerduty subject). 


Examples 

Find rules with subject 

action.subject: warning 

Find rules that contain parts of the subject 
action.subject: "warning" 

Find rules that match exact value 


action.subject: `warning`


action.slackChannel 


Use quotes or backticks within values to find rules with certain slack channel 
name. 


Examples 

Find rules with slack channel 

action.slackChannel: Sec Ops 

Find rules that contain parts of the slack channel name 
action.slackChannel: "Sec Ops" 

Find rules that match exact value 


action.slackChannel: `Sec Ops`


action.emailRecipient 


Use quotes or backticks within values to find rules with certain email 
recipients. 


Examples 


Find rules with email recipient 
action.emailRecipient: secops-alert@mycompany.com

Find rules that contain parts of the email recipient

action.emailRecipient: "secops-alert@mycompany.com"

Find rules that match exact value


action.emailRecipient: `secops-alert@mycompany.com`


action.type 


Use a text value ##### to find rules with certain action type (Email, slack or 
pagerduty). 


Example 
Find rules of action type 


action.type: EMAIL 


action.name 
Use quotes or backticks within values to find rules with certain action name. 
Examples 

Find rules with action 

action.name: Post to Slack Channel 

Find rules that contain parts of the action name 

action.name: "Post to Slack Channel" 

Find rules that match exact value 


action.name: `Post to Slack Channel`


User Access Management APIs


Get the User Scope 
/rest/v1/users/{userName}/scope 


[GET] 


You can fetch the group details by specifying the unique Id assigned to a 
group. 


Input Parameters 


Parameter Description 


userName (string) Provide the username for which the scope 
needs to be determined. 


Sample - Get the list of groups 


API request 


curl -k -X GET -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/users/user_john/scope'


Response

{
  "groups": [
    {
      "uuid": "52660405-27d3-3f69-b764-b0861ab4c494",
      "title": "Example group",
      "connectorCount": 2
    }
  ],
  "AWS": {
    "directAccountScope": [
      {
        "connectorUuid": "af50f5c0-c8c2-11e9-945e-77a38645daea",
        "accountIdentifier": "XXXXXXXXXXXX",
        "cloudType": "AWS",
        "connectorName": "AWS Connector 1"
      }
    ],
    "regions": [
      "us-east-1",
      "us-east-2"
    ]
  },
  "AZURE": {
    "directAccountScope": [
      {
        "connectorUuid": "2e0c1660-d061-11e9-ad71-df4fba75b3c5",
        "accountIdentifier": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
        "cloudType": "AZURE",
        "connectorName": "Azure_Connector_2"
      }
    ]
  },
  "GCP": {
    "directAccountScope": [
      {
        "connectorUuid": "66e7d1f0-c8c2-11e9-9fcb-85661d3ad949",
        "accountIdentifier": "gcp-demo",
        "cloudType": "GCP",
        "connectorName": "GCP_Connector_3"
      }
    ]
  }
}
Update Groups Scope for User
/rest/v1/users/{userName}/groupScope

[POST]

You can now update the groups associated with a specific user. You can
add new groups and remove groups that are associated with the user using the
update operation.


Input Parameters


Parameter                 Description

userName                  Provide the username for which the group
                          scope needs to be updated.

userGroupModifyRequest    (body) Use this to specify the group IDs that
                          you want to add and remove.

                          Example:

                          {
                            "add": {"groupsIds": ["string"]
                            },
                            "remove": {"groupsIds": ["string"]
                            }
                          }

                          where,
                          groupIds: unique ID assigned to the group.

                          Example: ea4b240f-c27c-30a6-ba28-8fc9a38fa8d1


Sample - Update Connectors in a group


API request

curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/users/user_john/groupScope'


Request POST Data
userGroupModifyRequest:

{
  "add": {
    "groupsIds": [
      "52660405-27d3-3f69-b764-b0861ab4c494"
    ]
  },
  "remove": {
    "groupsIds": [
      "9d665fd0-f15d-379f-8b11-b39cd4ebfd9e"
    ]
  }
}

Response

{
  "groups": [
    {
      "uuid": "52660405-27d3-3f69-b764-b0861ab4c494",
      "title": "new-group",
      "connectorCount": 2
    }
  ],
  "AWS": {
    "directAccountScope": [],
    "regions": []
  },
  "AZURE": {
    "directAccountScope": []
  },
  "GCP": {
    "directAccountScope": []
  }
}
Update Connector Scope for user
/rest/v1/users/{userName}/scope


[POST]


You can now update the connectors associated with a specific connector. You
can add new groups and remove groups that are associated with the
connector using the update operation.


Input Parameters


Parameter                 Description

userName                  Provide the username for which the group
                          scope needs to be updated.

userGroupModifyRequest    Use this to specify the group IDs that you
                          want to add and remove.

                          Example:

                          {
                            "add": {
                              "accountIdentifiers": ["string"],
                              "regions": ["string"]
                            },
                            "remove": {
                              "accountIdentifiers": ["string"],
                              "regions": ["string"]
                            }
                          }

                          where,

                          accountIdentifiers: The unique identifier
                          associated with a connector. For every cloud
                          provider, the identifier is different.

                          - AWS: account ID (Example: 111111111111)
                          - Azure: subscription ID (Example:
                            11111111-1111-1111-1111-111111111111)
                          - GCP: project ID (Example: sample_gcp)

                          regions: (applicable only for AWS connectors)
                          Specify the region of the connector

cloudType                 Select the cloud provider of the connector
                          being updated: AWS, Azure or GCP.


Sample - Update the Groups associated with the Connector


API request


curl -k -X POST -u <username>:<password> \
  'https://<QualysURL>/cloudview-api/rest/v1/users/user_john/scope?cloudType=AWS'


Request POST Data

{
  "add": {
    "accountIdentifiers": [
      "XXXXXXXXXXXX"
    ],
    "regions": ["us-east-1", "us-east-2"]
  },
  "remove": {
    "accountIdentifiers": [
      "XXXXXXXXXXXX"
    ],
    "regions": ["eu-west-1"]
  }
}
CloudType: AWS

Response

{
  "groups": [
    {
      "uuid": "52660405-27d3-3f69-b764-b0861ab4c494",
      "title": "new sample group",
      "connectorCount": 2
    }
  ],
  "AWS": {
    "directAccountScope": [
      {
        "connectorUuid": "af50f5c0-c8c2-11e9-945e-77a38645daea",
        "accountIdentifier": "XXXXXXXXXXXX",
        "cloudType": "AWS",
        "connectorName": "AWS Connector"
      }
    ],
    "regions": [
      "us-east-1",
      "us-east-2"
    ]
  },
  "AZURE": {
    "directAccountScope": []
  },
  "GCP": {
    "directAccountScope": [
      {
        "connectorUuid": "66e7d1f0-c8c2-11e9-9fcb-85661d3ad949",
        "accountIdentifier": "gcp-demo",
        "cloudType": "GCP",
        "connectorName": "GCP_Connector"
      }
    ]
  }
}
Secure IaC


Secure Infrastructure as Code


In the current continuous integration and continuous deployment (CI/CD)
environment, scans are conducted on cloud resources after deployment.
As a result, you secure the cloud resources post deployment. We are
introducing the Infrastructure as Code (IaC) Security feature for AWS Terraform.
With the arrival of the IaC scan, you can now secure your code (IaC) before it gets
deployed in the cloud environment.


The new Qualys IaC Security feature helps shift the security and compliance
posture of cloud security to the left, allowing evaluation of cloud resource
misconfigurations even before actual deployment. Using this feature, cloud
infrastructure teams can prevent misconfigurations before they happen.


The first step towards IaC security is triggering an IaC scan. In the current
scenario, the scans are executed after the cloud resources are deployed in the
cloud environment. As a result, misconfigurations are fixed post
deployment. However, using this feature, you can trigger the scan on the IaC
(configuration file) before the cloud resources are deployed in the
environment.


Once you trigger the scan, we evaluate the configuration file (IaC) against
pre-defined controls.


IaC scanning works by uploading the template file, or a zip containing multiple
files, to CloudView, either via our CLI or API. The template is processed, and
the response returns a scan ID. The returned scan ID can then be used to fetch
the scan report, which provides the evaluation results, giving you a clear
picture of the misconfigurations (if any) that need to be fixed to secure your
code before the actual deployment.


You can scan the templates either through CLI commands or using APIs:


Scanning Template Files Using CLI


Scanning Template Files Using API


Want to know more?


Pre-requisites

Template Support


Understanding IaC Scan Output
Pre-requisites & Template Support


Template Support
This Qualys IaC Security version supports the following template files:


- AWS, Azure, and GCP Terraform Templates: The .tf template files - IaC
Security scan supports over 100 Terraform resource types.


- AWS, Azure, and GCP Terraform Plan: The .json plan files - To scan the plan
files, you need to make those files available in JSON format. Refer to
https://www.terraform.io/docs/internals/json-format.html


- AWS CloudFormation Template: We support the file types .json, .yaml, .yml,
.template


- Compressed Template File Formats: We support the following
compressed template file formats:


  • .zip
  • .7z
  • .tar
  • .tar.gz
  • .gz


Pre-requisite

Users need a non-expired paid/trial version of the Cloud Security Assessment
(CSA) subscription that has API access enabled. The following users with
required permissions can access IaC:


- A user with Manager access


- A sub-user with the CLOUDVIEW API Access
Scanning Template Files Using CLI


Qualys provides an IaC scanning CLI that can be installed on any machine
that has python3. The Qualys IaC Security CLI is based on the Python PIP platform. For
complete details, refer to the Secure IaC section in the CloudView User Guide.

Scanning Template Files Using APIs


Qualys provides the following APIs to launch the IaC scan and fetch the scan
results and scan lists.


1) Trigger IaC Scan (POST)


2) Get Scan Results (GET)


3) Get List of Scans (GET)
Trigger IaC Scan
/rest/v1/iac/scan


[POST]


You can trigger an IaC scan. Provide a name and upload the IaC configuration
file to be scanned. Once the scan is triggered, it goes into Submitted state.
Once the scan is completed (Finished state), the response provides a unique
Scan UUID that you can use to view the scan results.


Note: We support only 10 concurrent scans to be executed in parallel.


Input Parameters


Parameter                 Description

name                      (Required) Provide a name for the IaC scan you
                          want to trigger.

                          Note: Double quotes are not allowed.

file                      (Required) Upload an IaC configuration file
                          with maximum size of 10MB. For valid file
                          formats, refer to Template Support.

showOnlyFailedControls    (boolean) Set this flag to true to include only
                          the failed controls in the IaC scan result.

tags=[{'key':'value'}]    Name of the tags. The cloud assets that are tagged
                          with the specified tag are included in the scan.

policyName                Specify the name of the policy in the request.
                          Use the policy name to restrict the evaluation
                          of controls during the scan. Only the controls
                          associated with the specified policy are
                          evaluated during the scan. If the policyName
                          parameter is empty, the IaC Scan API scans the
                          template for all the controls that are applicable
                          to resources in the template and returns the
                          scan results accordingly.
Sample - Trigger an IaC Scan


API request


curl -X POST \
  'https://<QualysBaseURL>/cloudview-api/rest/v1/iac/scan' \
  -H 'authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXX=' \
  -H 'Content-Type: multipart/form-data' \
  -F 'file=@security-group.tf' \
  -F 'name=DemoTemplate' \
  -F 'policyName=AZURE Infrastructure as Code Security Best Practices Policy' \
  -F 'showOnlyFailedControls=false' \
  -F 'tags=[{"Key":"Value"}]'


Response


{
  "scanUuid": "337a21ef-3c53-43bf-aed6-46f04e1c542d"
}


Get IaC Scan Results

/rest/v1/iac/scanResult?scanUuid=[id]

[GET]

Use the scanUuid returned by the Trigger scan API to fetch scan results. The scan
results can be fetched only when the IaC scan is completed. If you try to fetch
the scan results before it is completed, you will see a corresponding message in the
response. For example, Scan is in a processing state.


Input Parameters


Parameter         Description

scanUuid          (Required) Unique identifier assigned to the IaC scan.
                  The scan UUID is returned in the response of Trigger
                  IaC scan.

responseFormat    Select the format in which the response should be
                  displayed. You can choose from JSON, SARIF format
                  types. By default, the response is displayed in JSON
                  format.

                  Note: If you specify SARIF format and the scan is not
                  completed, then the response is in JSON format. SARIF
                  format is returned only for completed scans.


Sample - Trigger an IaC Scan (JSON)


API request


curl -X GET \
  'https://<QualysBaseURL>/cloudview-api/rest/v1/iac/scanResult?scanUuid=337a21ef-3c53-43bf-aed6-46f04e1c542d' \
  -H 'authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXX'

Response (JSON) 


{
  "scanUuid": "337a21ef-3c53-43bf-aed6-46f04e1c542d",
  "scanDate": "2021-06-22T11:13:37.275+00:00",
  "name": "Sample Scan",
  "status": "FINISHED",
  "tags": [],
  "result": [
    {
      "checkType": "terraform",
      "results": {
        "passedChecks": [
          {
            "checkId": "CKV_AWS_60",
            "checkName": "Ensure IAM role allows only specific services or principals to assume it",
            "criticality": "HIGH",
“evcontrol > nul,
            "checkResult": {
              "result": "PASSED",
              "evaluatedKeys": []
            },
            "codeBlock": [
              [
                22,
                "resource \"aws_iam_role\" \"dynamodb-dax-cluster-iam-role-fail\" {\n"
              ],
              [
2AF
name = \"dax-cluster-iam-role-
FALIN wer,
              ]
            ],
            "filePath": "/dynamodb.tfplan.json",
            "repoFilePath": "/dynamodb.tfplan.json",
            "resource": "aws_dynamodb_table.dynamodb-table-fail",
            "callerFilePath": null,
            "callerFileLineRange": null,
            "remediation": "Ensure aws_dynamodb_table resource has enabled argument set to True for point_in_time_recovery object."
          }
        ],
        "skippedChecks": [],
        "parsingErrors": []
      },
      "summary": {
        "passed": 5,
        "failed": 3,
        "failedStats": {
EB E
ons ál,
          "medium": 0
        },
        "skipped": 0,
        "parsingErrors": 0
      }
    }
  ]
}


We have now added error codes to the response when you fetch IaC scan
results, for troubleshooting purposes. You can provide the error codes to
Qualys Support to help us troubleshoot the issue.


Error Sample - Trigger an IaC Scan


API request


curl -X GET \
  'https://<QualysBaseURL>/cloudview-api/rest/v1/iac/getScanList?filter=scanUuid:3010f375-084f-408f-9590-8a4692a5538c&pageNo=0&pageSize=80' \
  -H 'authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXX'


Response

{
  "scanUuid": "3010f375-084f-408f-9590-8a4692a5538c",
  "scanDate": "2021-09-23T12:09:35.283+00:00",
  "name": "text file",
  "status": "ERROR",
  "tags": [],
  "message": "INTERNAL ERROR",
  "errorCode": 70503
}
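
A pipeline that uses the scan result as a deployment gate has to handle three outcomes described above: a scan that is still running, a scan that ended in ERROR with an error code, and a finished scan with a summary. The following is an added example, not Qualys code; the function names and the fail-closed policy are assumptions, the field layout follows the sample responses on this page, and the sample dictionaries are constructed.

```python
import time

# Constructed samples modeled on the responses shown on this page.
SAMPLE_PROCESSING = {
    "scanUuid": "00000000-0000-0000-0000-000000000000",
    "status": "PROCESSING",
}
SAMPLE_FINISHED = {
    "scanUuid": "00000000-0000-0000-0000-000000000000",
    "status": "FINISHED",
    "result": [
        {
            "checkType": "terraform",
            "summary": {"passed": 5, "failed": 3, "skipped": 0, "parsingErrors": 0},
        }
    ],
}
SAMPLE_ERROR = {
    "scanUuid": "00000000-0000-0000-0000-000000000000",
    "status": "ERROR",
    "message": "INTERNAL ERROR",
    "errorCode": 70503,
}


def gate(scan, max_failed=0):
    """Return (decision, reason) where decision is 'wait', 'block' or 'allow'."""
    status = scan.get("status")
    if status == "ERROR":
        # Keep the error code in the reason so it can be passed to support.
        return "block", f"scan ended in ERROR, errorCode {scan.get('errorCode')}"
    if status != "FINISHED":
        return "wait", f"scan not finished (status {status})"

    sections = scan.get("result") or []
    if not sections:
        return "block", "finished scan has no result sections"
    failed = parse_errors = 0
    for section in sections:
        summary = section.get("summary")
        if not isinstance(summary, dict):
            return "block", "result section has no summary"
        failed += int(summary.get("failed", 0))
        parse_errors += int(summary.get("parsingErrors", 0))

    # A template that did not parse was not evaluated, so it must not pass.
    if parse_errors:
        return "block", f"{parse_errors} parsing error(s), template not fully evaluated"
    if failed > max_failed:
        return "block", f"{failed} failed control(s)"
    return "allow", f"{failed} failed control(s)"


def wait_and_gate(fetch, scan_uuid, attempts=10, delay=0.0, max_failed=0):
    """Poll fetch(scan_uuid) until the scan settles; block if it never does."""
    for _ in range(attempts):
        decision, reason = gate(fetch(scan_uuid), max_failed)
        if decision != "wait":
            return decision, reason
        time.sleep(delay)
    return "block", f"scan {scan_uuid} did not finish after {attempts} polls"
```

Here `fetch` stands for whatever function performs the GET on the scanResult endpoint and returns the decoded JSON; passing it in keeps the gate logic testable without network access.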


Sample - Trigger an lac Scan (SARIF) 


API request 


curl -X GET 
"https: //<QualysBaseURL>/cloudview- 
api/rest/v1/iac/scanResult ?scanUuid=337a21ef -3c53-43bf-aed6- 
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46f04e1c542d" -H ‘responseFormat: sarif' -H ‘authorization: Basic 
XXXXXXXXXXXXXXXXXXXXXXXXXXX ' 


Response (SARIF) 


{
  ...
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "QualysIaCSecurity",
          "organization": "Qualys",
          "rules": [
            {
              "id": "...",
              "name": "Ensure that Bucket should not log to itself",
              "messageStrings": {
                "remediation": {
                  "text": "Ensure google storage bucket resource does not have argument log bucket name equal to bucket_name"
                },
                "criticality": {
                  "text": "HIGH"
                }
              }
            },
            {
              "id": "52036",
              "name": "Ensure that Cloud Storage buckets have uniform bucket-level access enabled",
              "messageStrings": {
                "remediation": {
                  "text": "Ensure google storage bucket resource has argument uniform_bucket_level_access set to True"
                },
                "criticality": {
                  "text": "MEDIUM"
                }
              }
            },
            {
              "id": "52030",
              "name": "Ensure that Cloud Storage bucket is not anonymously or publicly accessible",
              "messageStrings": {
                "remediation": {
                  "text": "Ensure google storage bucket iam member, google storage bucket iam binding resource does not have argument members set to allAuthenticatedUsers, allUsers"
                },
                "criticality": {
                  "text": "HIGH"
                }
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "...",
          "level": "error",
          "message": {
            "text": "Ensure that Bucket should not log to itself"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "..."
                },
                "region": {
                  "startLine": 1,
                  "endLine": 11
                }
              }
            }
          ]
        },
        {
          "ruleId": "52036",
          "level": "error",
          "message": {
            "text": "Ensure that Cloud Storage buckets have uniform bucket-level access enabled"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "..."
                },
                "region": {
                  "startLine": 1,
                  "endLine": 11
                }
              }
            }
          ]
        },
        {
          "ruleId": "52030",
          "level": "error",
          "message": {
            "text": "Ensure that Cloud Storage bucket is not anonymously or publicly accessible"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "..."
                },
                "region": {
                  "startLine": 13,
                  "endLine": 19
                }
              }
            }
          ]
        }
      ]
    }
  ]
}
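The SARIF response keeps remediation and severity on the rule and the file location on the result, so a consumer has to join the two on the rule id. The following is an added example, not Qualys code, that performs the join and returns the findings at or above a threshold. The sample document is constructed, and the file name example.tf and the key name criticality are assumptions.

```python
import json
# Constructed SARIF; "example.tf" and the "criticality" key name are assumptions.
SAMPLE = json.loads("""
{"runs": [{
  "tool": {"driver": {"name": "QualysIaCSecurity", "rules": [
    {"id": "52036", "messageStrings": {
      "remediation": {"text": "Ensure google storage bucket resource has argument uniform_bucket_level_access set to True"},
      "criticality": {"text": "MEDIUM"}}},
    {"id": "52030", "messageStrings": {
      "remediation": {"text": "Ensure members is not set to allAuthenticatedUsers, allUsers"},
      "criticality": {"text": "HIGH"}}}]}},
  "results": [
    {"ruleId": "52036", "level": "error",
     "message": {"text": "Ensure that Cloud Storage buckets have uniform bucket-level access enabled"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "example.tf"},
                    "region": {"startLine": 1, "endLine": 11}}}]},
    {"ruleId": "52030", "level": "error",
     "message": {"text": "Ensure that Cloud Storage bucket is not anonymously or publicly accessible"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "example.tf"},
                    "region": {"startLine": 13, "endLine": 19}}}]}]}]}
""")

RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

def findings(sarif):
    """Join each result to its rule so severity and remediation travel with the location."""
    out = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            strings = rules.get(res.get("ruleId"), {}).get("messageStrings", {})
            for loc in res.get("locations") or [{}]:
                phys = loc.get("physicalLocation", {})
                region = phys.get("region", {})
                out.append({
                    "rule_id": res.get("ruleId"),
                    "title": res.get("message", {}).get("text", ""),
                    # No matching rule or severity: rank as HIGH rather than drop it.
                    "criticality": strings.get("criticality", {}).get("text", "HIGH"),
                    "remediation": strings.get("remediation", {}).get("text", ""),
                    "file": phys.get("artifactLocation", {}).get("uri", ""),
                    "lines": (region.get("startLine"), region.get("endLine")),
                })
    return out

def gate(sarif, fail_at="HIGH"):
    """Findings at or above fail_at; a pipeline step fails when this is non-empty."""
    return [f for f in findings(sarif) if RANK.get(f["criticality"], 3) >= RANK[fail_at]]
```

A result whose rule is missing from the driver is ranked HIGH, so a truncated or partial response fails the gate instead of passing it.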
Get IaC Scan List
/rest/v1/iac/getScanList
[GET]


You can fetch the list of scans that you have triggered. You can also use
filters to narrow down the scan list. For example, filter on the status of
the scan (SUBMITTED, PROCESSING, or FINISHED) to view scans that are in a
particular state.


Input Parameters 


Parameter             Description

filter                Filter the scan list by providing a query using filters we
                      support. The following search filters are supported:

                      - scanUuid: Unique identifier assigned to the IaC scan.
                        The scan UUID is returned in the response of Trigger
                        IaC scan after the scan is completed.

                      - status: Status of the scan - SUBMITTED,
                        PROCESSING, or FINISHED.

                      - tag.key & tag.value: Use a text value ##### to define
                        the key and value of the tag assigned to the resource
                        (case sensitive). For example, using the
                        status:FINISHED filter in the curl request fetches all
                        scans that are completed.

                      - scanDate:[start date .. end date]: Use a date range or
                        a specific date on which the scan was triggered. For
                        more information on how to enter dates, see Date
                        Queries.

pageNo                (integer) The page to be returned.

pageSize              (integer) The number of records per page to be
                      included in the response.


Sample - Get Scan list 
API request


curl -X GET \
"https://<QualysBaseURL>/cloudview-api/rest/v1/iac/getScanList?filter=scanUuid:337a21ef-3c53-43bf-aed6-46f04e1c542d%20AND%20tag.value:Value%20AND%20tag.key:Key%20AND%20status:FINISHED%20AND%20scanDate:%5B2021-06-15%20...%202021-06-24%5D&pageNo=0&pageSize=80" \
-H 'authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXX'


Response 
{
  "content": [
    {
      "scanUuid": "337a21ef-3c53-43bf-aed6-46f04e1c542d",
      "tags": [
        {
          "key": "Key",
          "value": "Value"
        }
      ],
      "scanDate": "2021-06-16T12:05:03.889+00:00",
      "status": "FINISHED",
      "name": "FilterTrue"
    }
  ],
  "pageable": {
    "sort": {
      "sorted": true,
      "unsorted": false
    },
    "pageSize": 50,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "totalPages": 3,
  "totalElements": 140,
  "last": false,
  "number": 0,
  "size": 50,
  "numberOfElements": 50,
  "sort": {
    "sorted": true,
    "unsorted": false
  },
  "first": true
}
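The sample request mixes raw and percent-encoded characters in the filter, and the response is one page of several. The following is an added example, not Qualys code, that builds the filter query with consistent encoding and follows the paging fields until "last" is true. BASE_URL is a placeholder, fetch_page is a hypothetical caller-supplied function that performs the authenticated GET, and fake_fetch_page is a constructed stand-in so the code runs offline.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

BASE_URL = "https://qualys.example.invalid"  # placeholder for <QualysBaseURL>

def scan_list_url(filters, page_no=0, page_size=50, base_url=BASE_URL):
    """Build a getScanList URL from a dict such as {"status": "FINISHED"}."""
    expr = " AND ".join(f"{key}:{value}" for key, value in filters.items())
    # Percent-encode everything except ":" so spaces become %20, the scanDate
    # brackets become %5B/%5D, and a "&" or "=" inside a tag value cannot add
    # or override query parameters.
    query = urlencode({"filter": expr, "pageNo": page_no, "pageSize": page_size},
                      safe=":", quote_via=quote)
    return f"{base_url}/cloudview-api/rest/v1/iac/getScanList?{query}"

def fetch_all_scans(fetch_page, filters, page_size=50, max_pages=1000):
    """Collect every matching scan by following the response's paging fields.

    fetch_page(url) -> dict is supplied by the caller (hypothetical); it performs
    the authenticated GET and returns the decoded JSON body.
    """
    scans = []
    for page_no in range(max_pages):  # hard stop if "last" never turns true
        page = fetch_page(scan_list_url(filters, page_no, page_size))
        scans.extend(page.get("content", []))
        if page.get("last", True) or not page.get("content"):
            break
    return scans

def fake_fetch_page(total):
    """Constructed stand-in for the API that serves `total` scans page by page."""
    def fetch(url):
        params = parse_qs(urlsplit(url).query)
        no, size = int(params["pageNo"][0]), int(params["pageSize"][0])
        rows = [{"scanUuid": f"constructed-{i}", "status": "FINISHED"}
                for i in range(no * size, min((no + 1) * size, total))]
        return {"content": rows, "number": no, "size": size,
                "totalElements": total, "last": (no + 1) * size >= total}
    return fetch
```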
Understanding IaC Scan Output

The responses of the IaC Scan APIs are in JSON format. In the command line
interface (CLI), the output defaults to a tabular display. The CLI can output
a JSON response when given an additional input parameter for the format.


The response in JSON format has the following elements. 


Element               Description

scanUuid              Unique identifier for the respective IaC scan.

scanDate              Date when the scan was triggered.

name                  Name of the IaC scan.

status                Scan status. The values are: SUBMITTED,
                      PROCESSING, or FINISHED.

tags                  Tags from input.

result                This is a nested result which has details of findings.
                      Refer to the next table for more details.


The “result” element has the following sub-elements.


Sub-Element           Description

checkType             Type of check implemented on respective IaC
                      templates. For example: terraform, terraform_plan, and
                      so on.

results               Nested result structure which has details such as
                      passed, failed, skipped checks, and parsing errors.
                      Refer to the next table for further details.

summary               Summarizes count of passed, failed, skipped checks,
                      and parsing errors. For failed checks it shows stats
                      about count of high, medium, low criticalities.


Each “results” element has the following sub-elements.


Sub-Element           Description

passedChecks          Lists all passed checks for the IaC scan.

failedChecks          Lists all failed checks for the IaC scan.

skippedChecks         Lists all skipped checks for the IaC scan.

parsingErrors         For the issues of parsing IaC templates, this section
                      lists file names.


Each of the passed, failed, and skipped checks has evidence in the response
containing the following fields.


Sub-Element           Description

checkId               An identifier of the check which was evaluated.

checkName             Description of check which was evaluated.

criticality           The criticality of the check and finding.

cvControl             Qualys CloudView control (run time). It has CID and
                      Description.

checkResult           It can either be PASSED, FAILED or SKIPPED. It also
                      shows evaluated key for the respective check.

codeBlock             The code block showing evidence in result.

filePath              Location of relative path of the template that was
                      scanned.

                      Line numbers impacted in respective IaC template.

repoFilePath          Location of relative path of the template that was
                      scanned.

resource              IaC template resource that was scanned.

callerFilePath        If terraform templates use modules, the evaluated
                      code block is added. If called from other, sections
                      are added to this field.

callerFileLineRange   If terraform templates use modules, the line
                      numbers of caller are added to this field.

                      The remediation steps for customer's actions.